---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-164512
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164512
2006-03-28
---------------------------------------------------------------------

Name        : fetchmail
Versions    : rh73: fetchmail-5.9.0-21.7.3.2.legacy
Versions    : rh9: fetchmail-6.2.0-3.4.legacy
Versions    : fc1: fetchmail-6.2.0-8.2.legacy
Versions    : fc2: fetchmail-6.2.5-2.2.legacy
Summary     : A remote mail retrieval and forwarding utility.
Description :
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.

---------------------------------------------------------------------
Update Information:

Updated fetchmail packages that fix security flaws are now available.

Fetchmail is a remote mail retrieval and forwarding utility.

A bug was found in the way fetchmail allocates memory for long lines.
A remote attacker could cause a denial of service by sending a
specially-crafted email. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2003-0792 to this issue.

A buffer overflow was discovered in fetchmail's POP3 client. A
malicious server could send a carefully crafted message UID and cause
fetchmail to crash or potentially execute arbitrary code as the user
running fetchmail. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2335 to this issue.

A bug was found in the way the fetchmailconf utility program writes
configuration files. The default behavior of fetchmailconf is to write
a configuration file which may be world readable for a short period of
time. This configuration file could provide passwords to a local
malicious attacker within the short window before fetchmailconf sets
secure permissions. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3088 to this issue.

A bug was found when fetchmail is running in multidrop mode. A
malicious mail server can cause a denial of service by sending a
message without headers. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-4348 to this issue.

Users of fetchmail should update to this erratum package which
contains backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Mar 11 2006 Donald Maner <donjr@xxxxxxxxx> 6.2.0-3.2.legacy
- add patch for CAN-2003-0792 (#164512)
- add patch for CAN-2005-4348 (#164512)
- add patch for CAN-2005-3088 from RHEL 2.1 (#164512)

* Thu Jul 28 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 5.9.0-21.7.3.1.legacy
- add patch for POP3 buffer overflow - CAN-2005-2355 (#164512)

rh9:
* Thu Mar 23 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 6.2.0-3.4.legacy
- Added missing e2fsprogs-devel to BuildPrereq

* Sat Mar 11 2006 Donald Maner <donjr@xxxxxxxxx> 6.2.0-3.2.legacy
- add patch for CAN-2003-0792 (#164512)
- add patch for CAN-2005-3088 (#164512)

* Thu Jul 28 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 6.2.0-3.1.legacy
- add patch for POP3 buffer overflow - CAN-2005-2355 (#164512)

fc1:
* Sun Mar 12 2006 Donald Maner <donjr@xxxxxxxxx> 6.2.0-8.2.legacy
- add patch for CAN-2005-3088 (#164512)
- add patch for CAN-2005-2355 (#164512)

* Thu Jul 28 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 6.2.0-8.1.legacy
- add patch for POP3 buffer overflow - CAN-2005-2355 (#164512)

fc2:
* Sun Mar 12 2006 Donald Maner <donjr@xxxxxxxxx> 6.2.5-2.2.legacy
- add patch for crash on empty message - CVE-2005-4348 (#164512)
- add patch for CAN-2005-3088 (#164512)

* Thu Jul 28 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 6.2.5-2.1.legacy
- add patch for POP3 buffer overflow - CAN-2005-2355 (#164512)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
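
The write-then-restrict pattern described for CVE-2005-3088, next to a variant that never exposes the file, as an added example (not fetchmailconf's code and not the backported patch). The function names and the sample rc line are constructed for illustration, and POSIX file modes are assumed.

```python
import os
import stat
import tempfile

# Constructed sample configuration line; not taken from any real system.
SAMPLE_RC = 'poll mail.example.org proto pop3 user "alice" password "constructed-secret"\n'


def write_rc_racy(path, text):
    """Create the file with default permissions, then tighten them.

    Returns the mode the file had between creation and chmod, i.e. what a
    local user could have seen during the window the advisory describes.
    """
    old_umask = os.umask(0o022)          # a common default umask
    try:
        with open(path, "w") as f:       # created as 0666 & ~umask = 0644
            f.write(text)
        mode_in_window = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, 0o600)            # the password was already readable
    finally:
        os.umask(old_umask)
    return mode_in_window


def write_rc_safe(path, text):
    """Write into a private temp file in the same directory, then rename.

    mkstemp() creates the file readable and writable by the owner only, so
    the secret is never on disk with wider permissions. Returns the mode
    the file had at creation time.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".fetchmailrc-")
    try:
        mode_at_creation = stat.S_IMODE(os.fstat(fd).st_mode)
        with os.fdopen(fd, "w") as f:
            f.write(text)
        os.replace(tmp, path)            # atomic; target keeps the 0600 mode
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return mode_at_creation
```

Both functions leave the final file at mode 0600; only the racy one passes through a world-readable state on the way there.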