Package name
fetchmail
Date
2010-02-16
Advisory ID
MDVSA-2010:037
Affected versions
2010.0 x86_64, 2010.0 i586

Problem description

A vulnerability has been discovered and corrected in fetchmail:

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13,
when running in verbose mode on platforms for which char is signed,
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via an SSL X.509 certificate
containing non-printable characters with the high bit set, which
triggers a heap-based buffer overflow during escaping (CVE-2010-0562).

This update provides fetchmail 6.3.14, which is not vulnerable to
this issue.
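
The signed-char escaping flaw described above, shown as an added example (not fetchmail's code and not part of the original advisory). It assumes a `\xNN` escape format, a budget of 4 output bytes per input byte, and a 32-bit int, none of which this advisory states; `escaped_len_signed` and `escape_bytes` are hypothetical names.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of the "\xNN" escape when a signed char is widened to int first
 * (what happens without a cast where char is signed): -28 -> FFFFFFE4. */
size_t escaped_len_signed(signed char c)
{
    return (size_t)snprintf(NULL, 0, "\\x%02X", (unsigned int)(int)c);
}

/* Hardened escaping (hypothetical helper, not fetchmail's sdump): each byte
 * goes through unsigned char, so an escape is exactly 4 characters and a
 * 4*len+1 buffer is always large enough. Caller frees the result. */
char *escape_bytes(const char *in, size_t len)
{
    if (len > (SIZE_MAX - 1) / 4)
        return NULL;                      /* size computation would wrap */
    size_t cap = 4 * len + 1, o = 0;
    char *out = malloc(cap);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char u = (unsigned char)in[i];
        if (isprint(u))
            out[o++] = (char)u;
        else                              /* bounded write, fixed width */
            o += (size_t)snprintf(out + o, cap - o, "\\x%02X", (unsigned int)u);
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a certificate-style name with one high-bit byte. */
    const char name[] = "CN=m\xE4" "il.example";
    char *esc = escape_bytes(name, strlen(name));
    if (esc == NULL)
        return 1;
    printf("budget per byte: 4, sign-extended escape: %zu\n",
           escaped_len_signed((signed char)-28));
    printf("escaped: %s\n", esc);
    free(esc);
    return 0;
}
```

When auditing similar escaping code, check that every byte is cast to unsigned char before it reaches a `ctype.h` function or a hex format specifier, and that the output size is computed from the same width the formatter actually emits.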

Updated packages

2010.0 x86_64

 b56fed87fa44e6d446be4135b322e9d3  2010.0/x86_64/fetchmail-6.3.14-0.1mdv2010.0.x86_64.rpm
 6d8d033e916b62f700e68b27d55e0c5b  2010.0/x86_64/fetchmailconf-6.3.14-0.1mdv2010.0.x86_64.rpm
 09b165f3e522197967d5b05317a1d92e  2010.0/x86_64/fetchmail-daemon-6.3.14-0.1mdv2010.0.x86_64.rpm 
 f8be812911fb7f7042b981e8c2ad1094  2010.0/SRPMS/fetchmail-6.3.14-0.1mdv2010.0.src.rpm

2010.0 i586

 d8d72bfeb0a3f4db1760728f495a2de9  2010.0/i586/fetchmail-6.3.14-0.1mdv2010.0.i586.rpm
 b58db1070a6efcd9d28ffc89f66b544c  2010.0/i586/fetchmailconf-6.3.14-0.1mdv2010.0.i586.rpm
 b794d75bdab692813b345f32a9969658  2010.0/i586/fetchmail-daemon-6.3.14-0.1mdv2010.0.i586.rpm 
 f8be812911fb7f7042b981e8c2ad1094  2010.0/SRPMS/fetchmail-6.3.14-0.1mdv2010.0.src.rpm

References