[Frugalware-security] [ FSA-97 ] fetchmail
voroskoi
noreply at frugalware.org
Tue Jan 16 11:40:00 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-97
Date: 2007-01-16
Package: fetchmail
Vulnerable versions: <= 6.3.4-1
Unaffected versions: >= 6.3.6-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1608
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
Description
===========
A vulnerability and a security issue have been reported in Fetchmail, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to gain knowledge of sensitive information.
1) A NULL pointer dereference error in Fetchmail, when refusing a message that was bound for delivery by a message delivery agent (MDA) via the "mda" option, can be exploited to crash the service.
2) Several errors could lead to the authentication in plain text despite the configured settings, resulting in the possibility of passwords being eavesdropped.
Updated Packages
================
Check if you have fetchmail installed:
# pacman -Q fetchmail
If found, then you should upgrade to the latest version:
# pacman -Sy fetchmail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iD8DBQFFrKuAZ7NElSD1VhkRAkoeAKCELPTbYyEO90rX1vMxvq3AXjTX/gCdFHld
6y3b/uUIAvvLAOrsSCZoh6M=
=xdnj
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list