Package name
fetchmail
Date
2011-06-07
Advisory ID
MDVSA-2011:107
Affected versions
2009.0 x86_64, MES5 i586, 2010.1 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in fetchmail:

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does
not properly handle invalid characters in a multi-character locale,
which allows remote attackers to cause a denial of service (memory
consumption and application crash) via a crafted (1) message header or
(2) POP3 UIDL list (CVE-2010-1167). NOTE: This vulnerability did not
affect Mandriva Linux 2010.2.

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait
time after issuing a (1) STARTTLS or (2) STLS request, which allows
remote servers to cause a denial of service (application hang)
by acknowledging the request but not sending additional packets
(CVE-2011-1947).
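
The hang described for CVE-2011-1947 can be reproduced against a constructed peer and bounded with a socket timeout. The following is an added illustration, not fetchmail's code and not part of the advisory; the function names, the in-process stalling server and the hostname pop3.example.invalid are assumptions made for the example.

```python
import socket
import ssl
import threading
import time

def stalling_pop3_server(conn):
    """Constructed peer: greets, acknowledges STLS, then sends nothing more."""
    conn.sendall(b"+OK constructed POP3 server ready\r\n")
    conn.recv(64)                        # the client's "STLS\r\n"
    conn.sendall(b"+OK begin TLS negotiation\r\n")
    time.sleep(5)                        # never answers the TLS ClientHello
    conn.close()

def read_line(sock):
    """Read one CRLF-terminated reply; the socket timeout bounds each recv."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf

def stls_with_deadline(sock, timeout):
    """Issue STLS, then attempt the TLS handshake with a bounded wait."""
    sock.settimeout(timeout)             # bounds the plaintext reads...
    read_line(sock)                      # greeting
    sock.sendall(b"STLS\r\n")
    if not read_line(sock).startswith(b"+OK"):
        return "refused"
    ctx = ssl.create_default_context()
    try:
        # ...and is inherited by the handshake on the wrapped socket
        ctx.wrap_socket(sock, server_hostname="pop3.example.invalid")
        return "tls-established"
    except socket.timeout:
        return "handshake-timeout"       # give up instead of hanging

def demo(timeout=0.5):
    """Run the client against the stalling peer over a local socket pair."""
    client, server = socket.socketpair()
    threading.Thread(target=stalling_pop3_server, args=(server,),
                     daemon=True).start()
    start = time.monotonic()
    outcome = stls_with_deadline(client, timeout)
    client.close()
    return outcome, time.monotonic() - start

if __name__ == "__main__":
    print(demo())
```

Without the `settimeout` call the handshake would block for as long as the peer stays silent, which is the application hang the advisory describes.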

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the 6.3.20 version which
is not vulnerable to these issues.

Updated packages

2009.0 x86_64

 d068668a5be3b422ac49ee68376ef2f2  2009.0/x86_64/fetchmail-6.3.20-0.1mdv2009.0.x86_64.rpm
 5d586cf7cbaa5a661bef2b79a32f9841  2009.0/x86_64/fetchmailconf-6.3.20-0.1mdv2009.0.x86_64.rpm
 3d6f73e1b46c7b154b4ade245498642b  2009.0/x86_64/fetchmail-daemon-6.3.20-0.1mdv2009.0.x86_64.rpm 
 d06dc796666631cc2c33470366413380  2009.0/SRPMS/fetchmail-6.3.20-0.1mdv2009.0.src.rpm

MES5 i586

 9978d5caa0f8b529ca65f372318e7def  mes5/i586/fetchmail-6.3.20-0.1mdvmes5.2.i586.rpm
 4e6d7445d7fe568dc8318a8307a032d9  mes5/i586/fetchmailconf-6.3.20-0.1mdvmes5.2.i586.rpm
 82e050b23068208becda3b2efe691626  mes5/i586/fetchmail-daemon-6.3.20-0.1mdvmes5.2.i586.rpm 
 0abdef167f8d00f6980bda48940df1ce  mes5/SRPMS/fetchmail-6.3.20-0.1mdvmes5.2.src.rpm

2010.1 i586

 4e1f0cf13ad4dd13de33e598b54ed10c  2010.1/i586/fetchmail-6.3.20-0.1mdv2010.2.i586.rpm
 9d99d5360bacbee18a354b40d73dbdce  2010.1/i586/fetchmailconf-6.3.20-0.1mdv2010.2.i586.rpm
 00595fe4b19c6de7a788a2669ca27c1e  2010.1/i586/fetchmail-daemon-6.3.20-0.1mdv2010.2.i586.rpm 
 580622099149b837d73746ea58d6e401  2010.1/SRPMS/fetchmail-6.3.20-0.1mdv2010.2.src.rpm

2009.0 i586

 fa463380143ddd8b37d761fa02bdcd4d  2009.0/i586/fetchmail-6.3.20-0.1mdv2009.0.i586.rpm
 33c88d95440a52ff3baa229b132f9cc7  2009.0/i586/fetchmailconf-6.3.20-0.1mdv2009.0.i586.rpm
 a07c07a7ed25d8ece92eb2bba3cb8052  2009.0/i586/fetchmail-daemon-6.3.20-0.1mdv2009.0.i586.rpm 
 d06dc796666631cc2c33470366413380  2009.0/SRPMS/fetchmail-6.3.20-0.1mdv2009.0.src.rpm

CS4.0 i586

 835fbe8cccecac21c87856a74fc630e1  corporate/4.0/i586/fetchmail-6.3.20-0.1.20060mlcs4.i586.rpm
 98246f052294392137bf7c796a9e27f9  corporate/4.0/i586/fetchmailconf-6.3.20-0.1.20060mlcs4.i586.rpm
 f678d210a8d3784c661a7ff53cf70d90  corporate/4.0/i586/fetchmail-daemon-6.3.20-0.1.20060mlcs4.i586.rpm 
 33abcf7dea9f25d8a752cbb93f0f436f  corporate/4.0/SRPMS/fetchmail-6.3.20-0.1.20060mlcs4.src.rpm

CS4.0 x86_64

 2da71f289543859e9665988dcc36e12b  corporate/4.0/x86_64/fetchmail-6.3.20-0.1.20060mlcs4.x86_64.rpm
 44bf90966c95ccaf70eebadd8c774463  corporate/4.0/x86_64/fetchmailconf-6.3.20-0.1.20060mlcs4.x86_64.rpm
 83c9e6d7b456a195197cba0834fa1a4b  corporate/4.0/x86_64/fetchmail-daemon-6.3.20-0.1.20060mlcs4.x86_64.rpm 
 33abcf7dea9f25d8a752cbb93f0f436f  corporate/4.0/SRPMS/fetchmail-6.3.20-0.1.20060mlcs4.src.rpm

MES5 x86_64

 4923eef5e0f29e72a407b4806c890008  mes5/x86_64/fetchmail-6.3.20-0.1mdvmes5.2.x86_64.rpm
 19d714a319a0d7e0a823c9bb1f6a6ccf  mes5/x86_64/fetchmailconf-6.3.20-0.1mdvmes5.2.x86_64.rpm
 4c99cfa954f822bd413ae3e8a8ca6d7e  mes5/x86_64/fetchmail-daemon-6.3.20-0.1mdvmes5.2.x86_64.rpm 
 0abdef167f8d00f6980bda48940df1ce  mes5/SRPMS/fetchmail-6.3.20-0.1mdvmes5.2.src.rpm

2010.1 x86_64

 727d0e55ff5c10a6d61642be1ba243ec  2010.1/x86_64/fetchmail-6.3.20-0.1mdv2010.2.x86_64.rpm
 dc672cd266a8e8267170e790f797a706  2010.1/x86_64/fetchmailconf-6.3.20-0.1mdv2010.2.x86_64.rpm
 04284804437e9d6b0ac3cf451483a52e  2010.1/x86_64/fetchmail-daemon-6.3.20-0.1mdv2010.2.x86_64.rpm 
 580622099149b837d73746ea58d6e401  2010.1/SRPMS/fetchmail-6.3.20-0.1mdv2010.2.src.rpm

References