MDVSA-2011:107
- Package name: fetchmail
- Date: 2011-06-07
- Advisory ID: MDVSA-2011:107
- Affected versions: 2009.0 x86_64, MES5 i586, 2010.1 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description
Multiple vulnerabilities were discovered and corrected in fetchmail:

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does
not properly handle invalid characters in a multi-character locale,
which allows remote attackers to cause a denial of service (memory
consumption and application crash) via a crafted (1) message header or
(2) POP3 UIDL list (CVE-2010-1167). NOTE: This vulnerability did not
affect Mandriva Linux 2010.2.

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait
time after issuing a (1) STARTTLS or (2) STLS request, which allows
remote servers to cause a denial of service (application hang)
by acknowledging the request but not sending additional packets
(CVE-2011-1947).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the 6.3.20 version, which
is not vulnerable to these issues.
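
The failure mode behind CVE-2011-1947 (a peer that acknowledges STLS/STARTTLS and then sends nothing) can be guarded against by giving the reads that follow the acknowledgement a single overall deadline. The C sketch below is an added example, not code from this advisory or from fetchmail and not a description of the 6.3.20 fix; the function names `read_full_deadline` and `silent_peer_errno`, the `+OK` reply and the socketpair standing in for the server are assumptions made for illustration.

```c
/* Added example, not fetchmail's code: one overall deadline for post-STLS reads. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long)ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Read exactly `want` bytes within `budget_ms` in total (not per read).
 * Returns 0, or -1 with errno ETIMEDOUT (stall) or ECONNRESET (early close). */
int read_full_deadline(int fd, char *buf, size_t want, long budget_ms) {
    long deadline = now_ms() + budget_ms;
    size_t got = 0;
    while (got < want) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        long left = deadline - now_ms();
        int rc = left > 0 ? poll(&p, 1, (int)left) : 0;
        if (rc < 0) { if (errno == EINTR) continue; return -1; }
        if (rc == 0) { errno = ETIMEDOUT; return -1; }
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) { errno = ECONNRESET; return -1; }
        got += (size_t)n;
    }
    return 0;
}

/* Constructed scenario: the peer answers STLS with "+OK", then goes silent.
 * Returns the errno seen while waiting for the 5-byte TLS record header. */
int silent_peer_errno(long budget_ms) {
    char buf[5];
    int sv[2], err = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return errno;
    if (write(sv[1], "+OK\r\n", 5) != 5) err = EIO;
    else if (read_full_deadline(sv[0], buf, 5, budget_ms) != 0) err = errno;  /* ack */
    else if (read_full_deadline(sv[0], buf, 5, budget_ms) != 0) err = errno;  /* stall */
    close(sv[0]); close(sv[1]);
    return err;
}

int main(void) {  /* exits 0 when the stall is reported as ETIMEDOUT */
    return silent_peer_errno(300) == ETIMEDOUT ? 0 : 1;
}
```

Because the budget covers the whole read and is recomputed on every pass, a peer that trickles single bytes cannot extend the wait either.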
Updated packages
