Mandriva Advisories

Package name: fetchmail
Date: August 31st, 2001
Advisory ID: MDKSA-2001:072
Affected versions: 7.1, 7.2, 8.0, CS1.0
Synopsis: Updated fetchmail packages fix input validation vulnerability

Problem Description

A vulnerability was found by Salvatore Sanfilippo in both the IMAP and
POP3 code of fetchmail where the input is not verified and no bounds
checking is done. This can be exploited by a remote attacker to write
arbitrary data into memory. The attacker must have control of the mail
server the client is connecting to via fetchmail in order to exploit
this vulnerability.

Updated Packages

Mandrakelinux 7.1

 ff5474afdc3969147bb460561327c6d0  7.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm
32f4be82c09adfbe0c61ce748982c4f8  7.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm
12d83eef760314bd3ecfacf9910e0119  7.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm

Mandrakelinux 7.2

 30968c4a530d86aef6eb8a035e1fb0f4  7.2/RPMS/fetchmail-5.5.2-5.2mdk.i586.rpm
691a814f4bf4d42c9a9175a393be1861  7.2/RPMS/fetchmail-daemon-5.5.2-5.2mdk.i586.rpm
a757421dc5d03124a64c360631d6bdd9  7.2/RPMS/fetchmailconf-5.5.2-5.2mdk.i586.rpm
654e13cf2049db36d4f7ddc9ed8a7e01  7.2/SRPMS/fetchmail-5.5.2-5.2mdk.src.rpm

Mandrakelinux 8.0

 d3d60c3ff5b5a07869a10b3f9519a592  8.0/RPMS/fetchmail-5.7.4-5.2mdk.i586.rpm
c7eb824dd7f7b4cd5144bf9d13608388  8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.i586.rpm
dd686925435feb7777ff93e19e136897  8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.i586.rpm
9bfd4b3ee6f4f4dab297d735eb5c81c4  8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm

Mandrakelinux 8.0/PPC

 e04c544cfd8eb8f4d76bde638a462b0e  ppc/8.0/RPMS/fetchmail-5.7.4-5.2mdk.ppc.rpm
25af9f4b03072a6a55927da8469c1b12  ppc/8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm
49712c3b104eeace680f92cd61de933c  ppc/8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.ppc.rpm
4302ccfec542787c01bea6518df42920  ppc/8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm

Corporate Server 1.0.1

 ff5474afdc3969147bb460561327c6d0  1.0.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm
32f4be82c09adfbe0c61ce748982c4f8  1.0.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm
12d83eef760314bd3ecfacf9910e0119  1.0.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
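
For a manual download, the MD5 values listed under Updated Packages can be checked with a short script. This is an added example, not a Mandriva tool: the function names are hypothetical, it assumes `md5sum` and `awk` are installed, and the demo file and listing are constructed.

```shell
#!/bin/sh
# Added example: check a downloaded RPM against an advisory's MD5 list.
# An advisory line looks like:  <32 hex chars>  <path/to/package.rpm>

# Print every MD5 the advisory lists for the given package file name.
listed_md5s() {   # $1 = advisory text file, $2 = package file name
    awk -v want="$2" '
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-fA-F]+$/ {
            n = split($2, parts, "/")
            if (parts[n] == want) print tolower($1)
        }' "$1"
}

# Return 0 if the file's MD5 matches a listed value, 1 on mismatch,
# 2 if the advisory does not list that file name at all.
verify_pkg() {    # $1 = advisory text file, $2 = path to downloaded RPM
    name=$(basename "$2")
    expected=$(listed_md5s "$1" "$name")
    if [ -z "$expected" ]; then
        echo "$name: not listed in advisory" >&2
        return 2
    fi
    actual=$(md5sum "$2" | awk '{print $1}')
    for e in $expected; do
        if [ "$e" = "$actual" ]; then
            echo "$name: MD5 OK"
            return 0
        fi
    done
    echo "$name: MD5 MISMATCH (got $actual)" >&2
    return 1
}

# Constructed demo: a stand-in file and a matching advisory-style listing.
demo() {
    dir=$(mktemp -d) || return 3
    printf 'constructed stand-in, not a real RPM\n' > "$dir/example-1.0-1mdk.i586.rpm"
    sum=$(md5sum "$dir/example-1.0-1mdk.i586.rpm" | awk '{print $1}')
    printf ' %s  7.1/RPMS/example-1.0-1mdk.i586.rpm\n' "$sum" > "$dir/advisory.txt"
    rc=0
    verify_pkg "$dir/advisory.txt" "$dir/example-1.0-1mdk.i586.rpm" || rc=$?
    rm -rf "$dir"
    return $rc
}
```

An MD5 match only shows that the file equals the one the listing describes; `rpm --checksig package.rpm` is still the step that checks the GPG signature.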