 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:179
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : fetchmail
 Date    : September 11, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in fetchmail was found where it could crash when
 attempting to deliver an internal warning or error message through an
 untrusted or compromised SMTP server, leading to a denial of service.

 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.0:
 2007.0/i586/fetchmail-6.3.4-3.3mdv2007.0.i586.rpm
 2007.0/i586/fetchmail-daemon-6.3.4-3.3mdv2007.0.i586.rpm
 2007.0/i586/fetchmailconf-6.3.4-3.3mdv2007.0.i586.rpm
 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 2007.0/x86_64/fetchmail-6.3.4-3.3mdv2007.0.x86_64.rpm
 2007.0/x86_64/fetchmail-daemon-6.3.4-3.3mdv2007.0.x86_64.rpm
 2007.0/x86_64/fetchmailconf-6.3.4-3.3mdv2007.0.x86_64.rpm
 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 2007.1/i586/fetchmail-6.3.6-1.2mdv2007.1.i586.rpm
 2007.1/i586/fetchmail-daemon-6.3.6-1.2mdv2007.1.i586.rpm
 2007.1/i586/fetchmailconf-6.3.6-1.2mdv2007.1.i586.rpm
 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 2007.1/x86_64/fetchmail-6.3.6-1.2mdv2007.1.x86_64.rpm
 2007.1/x86_64/fetchmail-daemon-6.3.6-1.2mdv2007.1.x86_64.rpm
 2007.1/x86_64/fetchmailconf-6.3.6-1.2mdv2007.1.x86_64.rpm
 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

 Corporate 3.0:
 corporate/3.0/i586/fetchmail-6.2.5-3.6.C30mdk.i586.rpm
 corporate/3.0/i586/fetchmail-daemon-6.2.5-3.6.C30mdk.i586.rpm
 corporate/3.0/i586/fetchmailconf-6.2.5-3.6.C30mdk.i586.rpm
 corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 corporate/3.0/x86_64/fetchmail-6.2.5-3.6.C30mdk.x86_64.rpm
 corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.6.C30mdk.x86_64.rpm
 corporate/3.0/x86_64/fetchmailconf-6.2.5-3.6.C30mdk.x86_64.rpm
 corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

 Corporate 4.0:
 corporate/4.0/i586/fetchmail-6.2.5-11.5.20060mlcs4.i586.rpm
 corporate/4.0/i586/fetchmail-daemon-6.2.5-11.5.20060mlcs4.i586.rpm
 corporate/4.0/i586/fetchmailconf-6.2.5-11.5.20060mlcs4.i586.rpm
 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 corporate/4.0/x86_64/fetchmail-6.2.5-11.5.20060mlcs4.x86_64.rpm
 corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.5.20060mlcs4.x86_64.rpm
 corporate/4.0/x86_64/fetchmailconf-6.2.5-11.5.20060mlcs4.x86_64.rpm
 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
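
 Added example (not part of the Mandriva advisory): a check of whether an installed fetchmail build is at or above the fixed build for each affected product, using the version-release strings from the package file names above. The names FIXED, rpmvercmp and is_patched are hypothetical, and the comparison is a simplified form of RPM's version ordering that ignores epochs.

```python
import re

# Fixed fetchmail version-release per affected product, taken from the
# package file names listed in this advisory (MDKSA-2007:179).
FIXED = {
    "2007.0": "6.3.4-3.3mdv2007.0",
    "2007.1": "6.3.6-1.2mdv2007.1",
    "Corporate 3.0": "6.2.5-3.6.C30mdk",
    "Corporate 4.0": "6.2.5-11.5.20060mlcs4",
}

# A version string is compared as a sequence of digit runs and letter runs;
# separators such as "." only delimit segments.
_SEG = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM-style ordering (assumption: no epoch). Returns -1, 0, 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run outranks letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(product, installed):
    """True if installed 'version-release' is at or above the fixed build."""
    fixed_ver, fixed_rel = FIXED[product].rsplit("-", 1)
    ver, rel = installed.rsplit("-", 1)
    by_version = rpmvercmp(ver, fixed_ver)
    if by_version != 0:
        return by_version > 0
    return rpmvercmp(rel, fixed_rel) >= 0


if __name__ == "__main__":
    # Constructed sample inventory; on a real host the string would come from
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' fetchmail
    samples = [("2007.0", "6.3.4-3.2mdv2007.0"),
               ("Corporate 4.0", "6.2.5-11.10.20060mlcs4")]
    for product, evr in samples:
        state = "patched" if is_patched(product, evr) else "VULNERABLE"
        print(f"{product}: fetchmail {evr} -> {state}")
```

 The second sample shows why a plain string comparison is not enough: release 11.10 sorts before 11.5 as text but is the newer build.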