MDVSA-2009:201

Nom du paquet
fetchmail
Date
2009-08-12
Advisory ID
MDVSA-2009:201
Affected versions
2009.0 x86_64 , CS4.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2009.1 x86_64 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in fetchmail:

socket.c in fetchmail before 6.3.11 does not properly handle a '\0'
(NUL) character in a domain name in the subject's Common Name (CN)
and subjectAlt(ernative)Name fields of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification Authority,
a related issue to CVE-2009-2408 (CVE-2009-2666).

This update provides a solution to this vulnerability.

Updated packages

2009.0 x86_64

 4bf00d7233d33c3fc5b796a46b759f43  2009.0/x86_64/fetchmail-6.3.8-8.1mdv2009.0.x86_64.rpm
 44ac784cb13d21d5aeb1fe6bc18d4314  2009.0/x86_64/fetchmailconf-6.3.8-8.1mdv2009.0.x86_64.rpm
 5dc1208126ed2eecccafb8ee766c4b34  2009.0/x86_64/fetchmail-daemon-6.3.8-8.1mdv2009.0.x86_64.rpm 
 3815db62ac4fed4c0dfdd62d7f55faad  2009.0/SRPMS/fetchmail-6.3.8-8.1mdv2009.0.src.rpm

CS4.0 x86_64

 4efd52fa2292696aff7558b9960d6818  corporate/4.0/x86_64/fetchmail-6.2.5-11.7.20060mlcs4.x86_64.rpm
 63d83fbb6bc4f03312f4281570e9a996  corporate/4.0/x86_64/fetchmailconf-6.2.5-11.7.20060mlcs4.x86_64.rpm
 5c59ca83d15643903845fc0cffb50cb4  corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.7.20060mlcs4.x86_64.rpm 
 c312a60acc88462068cc009b0a64202d  corporate/4.0/SRPMS/fetchmail-6.2.5-11.7.20060mlcs4.src.rpm

MES5 i586

 a123563848bc2978fcedef3b56217b93  mes5/i586/fetchmail-6.3.8-8.1mdvmes5.i586.rpm
 721e88658496bddda0d866f22f2236c6  mes5/i586/fetchmailconf-6.3.8-8.1mdvmes5.i586.rpm
 2874c2452d7c91d32145c017dfd0accf  mes5/i586/fetchmail-daemon-6.3.8-8.1mdvmes5.i586.rpm 
 bae980a9b813587c551389692134dcff  mes5/SRPMS/fetchmail-6.3.8-8.1mdvmes5.src.rpm

2009.1 i586

 c29b9d8ed2c1f389ea0e7b14d9112e40  2009.1/i586/fetchmail-6.3.9-1.1mdv2009.1.i586.rpm
 fe9c24396112b32f190e72e1ecbcb616  2009.1/i586/fetchmailconf-6.3.9-1.1mdv2009.1.i586.rpm
 878a6e3369a1bd540ace6a646e343e2b  2009.1/i586/fetchmail-daemon-6.3.9-1.1mdv2009.1.i586.rpm 
 f976873519ff6ce77d58814988e589c7  2009.1/SRPMS/fetchmail-6.3.9-1.1mdv2009.1.src.rpm

2009.0 i586

 0e428279bf334dfe85c63ed25d8b3107  2009.0/i586/fetchmail-6.3.8-8.1mdv2009.0.i586.rpm
 934c48761c1f7c9346ef6b77b809373c  2009.0/i586/fetchmailconf-6.3.8-8.1mdv2009.0.i586.rpm
 702cecfcb0a901d8be9efd41d1c72093  2009.0/i586/fetchmail-daemon-6.3.8-8.1mdv2009.0.i586.rpm 
 3815db62ac4fed4c0dfdd62d7f55faad  2009.0/SRPMS/fetchmail-6.3.8-8.1mdv2009.0.src.rpm

2008.1 i586

 fc0d6023667f27d8af4b3a016f3f45c3  2008.1/i586/fetchmail-6.3.8-7.2mdv2008.1.i586.rpm
 283af95440b29e164c0e067ab8cda9f6  2008.1/i586/fetchmailconf-6.3.8-7.2mdv2008.1.i586.rpm
 9a57ee9d58bbb701721386850835e3cd  2008.1/i586/fetchmail-daemon-6.3.8-7.2mdv2008.1.i586.rpm 
 ae283a656063b3775dea3bba3fcd2e2e  2008.1/SRPMS/fetchmail-6.3.8-7.2mdv2008.1.src.rpm

CS3.0 x86_64

 10b10cdd7d5aa881a0b5e84c4590500d  corporate/3.0/x86_64/fetchmail-6.2.5-3.8.C30mdk.x86_64.rpm
 ce8d21859e640639b8ff20e15dd8ab41  corporate/3.0/x86_64/fetchmailconf-6.2.5-3.8.C30mdk.x86_64.rpm
 0a05886e002ea8af4718df2d55b5d21d  corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.8.C30mdk.x86_64.rpm 
 d23b19850a57b6ce9bc784a3eea14719  corporate/3.0/SRPMS/fetchmail-6.2.5-3.8.C30mdk.src.rpm

CS4.0 i586

 314fbbd74754d1793da2dc3945d2def4  corporate/4.0/i586/fetchmail-6.2.5-11.7.20060mlcs4.i586.rpm
 0467a3805fe33b3b65ba3ab87c08f08d  corporate/4.0/i586/fetchmailconf-6.2.5-11.7.20060mlcs4.i586.rpm
 4ae72f7fef6a9f3f0d471b30148a1343  corporate/4.0/i586/fetchmail-daemon-6.2.5-11.7.20060mlcs4.i586.rpm 
 c312a60acc88462068cc009b0a64202d  corporate/4.0/SRPMS/fetchmail-6.2.5-11.7.20060mlcs4.src.rpm

CS3.0 i586

 81c21054df257729342c1c2482b49561  corporate/3.0/i586/fetchmail-6.2.5-3.8.C30mdk.i586.rpm
 175c8bbbe91f06e139d919350809c3eb  corporate/3.0/i586/fetchmailconf-6.2.5-3.8.C30mdk.i586.rpm
 fb333b7523f82e0be6883edeb1969373  corporate/3.0/i586/fetchmail-daemon-6.2.5-3.8.C30mdk.i586.rpm 
 d23b19850a57b6ce9bc784a3eea14719  corporate/3.0/SRPMS/fetchmail-6.2.5-3.8.C30mdk.src.rpm

2008.1 x86_64

 1a0e79540df37a5f9efa0bec42c62805  2008.1/x86_64/fetchmail-6.3.8-7.2mdv2008.1.x86_64.rpm
 332ff34caeb4587367564b6b330bc6e4  2008.1/x86_64/fetchmailconf-6.3.8-7.2mdv2008.1.x86_64.rpm
 5bffe9a0d2da5df6d23b6a17af1296b1  2008.1/x86_64/fetchmail-daemon-6.3.8-7.2mdv2008.1.x86_64.rpm 
 ae283a656063b3775dea3bba3fcd2e2e  2008.1/SRPMS/fetchmail-6.3.8-7.2mdv2008.1.src.rpm

2009.1 x86_64

 9d466fd1c5e560b04de4cfa17a0555e7  2009.1/x86_64/fetchmail-6.3.9-1.1mdv2009.1.x86_64.rpm
 32044f61f34ebe3c85c562820d079fb6  2009.1/x86_64/fetchmailconf-6.3.9-1.1mdv2009.1.x86_64.rpm
 9c39d74650b99cddaee5bf2963efa5b4  2009.1/x86_64/fetchmail-daemon-6.3.9-1.1mdv2009.1.x86_64.rpm 
 f976873519ff6ce77d58814988e589c7  2009.1/SRPMS/fetchmail-6.3.9-1.1mdv2009.1.src.rpm

MES5 x86_64

 d509376c094787132d2e80349f0b8077  mes5/x86_64/fetchmail-6.3.8-8.1mdvmes5.x86_64.rpm
 b4fda79b6b9e5f517b5866ddab15daa9  mes5/x86_64/fetchmailconf-6.3.8-8.1mdvmes5.x86_64.rpm
 a3394da93cbfc359ed9bfccf20cc50e1  mes5/x86_64/fetchmail-daemon-6.3.8-8.1mdvmes5.x86_64.rpm 
 bae980a9b813587c551389692134dcff  mes5/SRPMS/fetchmail-6.3.8-8.1mdvmes5.src.rpm

References