Mandriva Linux Security Advisory : imapsync (MDVSA-2014:060)
Medium Nessus Plugin ID 73052
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated imapsync package fixes security vulnerabilities :
Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl (CVE-2013-4279).
The imapsync package has been patched to disable this feature.
In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login (CVE-2014-2014).
SolutionUpdate the affected imapsync package.