MDVSA-2010:037
- Package name
- fetchmail
- Date
- 2010-02-16
- Advisory ID
- MDVSA-2010:037
- Affected versions
- 2010.0 x86_64 , 2010.0 i586
Problem description
A vulnerability have been discovered and corrected in fetchmail:
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13,
when running in verbose mode on platforms for which char is signed,
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via an SSL X.509 certificate
containing non-printable characters with the high bit set, which
triggers a heap-based buffer overflow during escaping (CVE-2010-0562).
This update provides fetchmail 6.3.14, which is not vulnerable to
this issue.
Updated packages
2010.0 x86_64
b56fed87fa44e6d446be4135b322e9d3 2010.0/x86_64/fetchmail-6.3.14-0.1mdv2010.0.x86_64.rpm 6d8d033e916b62f700e68b27d55e0c5b 2010.0/x86_64/fetchmailconf-6.3.14-0.1mdv2010.0.x86_64.rpm 09b165f3e522197967d5b05317a1d92e 2010.0/x86_64/fetchmail-daemon-6.3.14-0.1mdv2010.0.x86_64.rpm f8be812911fb7f7042b981e8c2ad1094 2010.0/SRPMS/fetchmail-6.3.14-0.1mdv2010.0.src.rpm
2010.0 i586
d8d72bfeb0a3f4db1760728f495a2de9 2010.0/i586/fetchmail-6.3.14-0.1mdv2010.0.i586.rpm b58db1070a6efcd9d28ffc89f66b544c 2010.0/i586/fetchmailconf-6.3.14-0.1mdv2010.0.i586.rpm b794d75bdab692813b345f32a9969658 2010.0/i586/fetchmail-daemon-6.3.14-0.1mdv2010.0.i586.rpm f8be812911fb7f7042b981e8c2ad1094 2010.0/SRPMS/fetchmail-6.3.14-0.1mdv2010.0.src.rpm