News

=========================================================== Ubuntu Security Notice USN-226-1 December 09, 2005 courier vulnerability CVE-2005-3532 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: courier-authdaemon The problem can be corrected by upgrading the affected package to version 0.45.6-1ubuntu0.2 (for Ubuntu 4.10), 0.47-3ubuntu1.4 (for Ubuntu 5.04), or 0.47-3ubuntu7.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Patrick Cheong Shu Yang discovered a flaw in the user account handling of courier-authdaemon. After successful authorization, the Courier mail server granted access to deactivated accounts.