Debian: New fetchmail packages fix denial of service

    Date27 Jan 2006
    CategoryDebian
    4233
    Posted ByJoe Shakespeare
    Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, that can cause a crash when the program is running in multidrop mode and receives messages without headers.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 939-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    January 13th, 2006                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : fetchmail
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2005-4348
    
    Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3,
    APOP, IMAP mail gatherer/forwarder, that can cause a crash when the
    program is running in multidrop mode and receives messages without
    headers.
    
    The old stable distribution (woody) does not seem to be affected by
    this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 6.2.5-12sarge4.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 6.3.1-1.
    
    We recommend that you upgrade your fetchmail package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4.dsc
          Size/MD5 checksum:      650 da6a5aa9e110932fb67071233c390fa2
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4.diff.gz
          Size/MD5 checksum:   150807 6ccb7da887a4b42997e08ef27fbebf55
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
          Size/MD5 checksum:  1257376 9956b30139edaa4f5f77c4d0dbd80225
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge4_all.deb
          Size/MD5 checksum:    42234 7f4fae48064a57eae406d72676ab0e54
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge4_all.deb
          Size/MD5 checksum:   101308 1d2a6d40b517a3fc447e2f2d30319fbf
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_alpha.deb
          Size/MD5 checksum:   572964 d87d2f1dd059d0aa4854253405c7fdc3
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_amd64.deb
          Size/MD5 checksum:   555706 9b819cf25859874a1a37585eed8664d6
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_arm.deb
          Size/MD5 checksum:   549176 ae3b2abd6c4408c8be07a8a8065cd2ab
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_i386.deb
          Size/MD5 checksum:   547692 3bc3343f756f1fea4bc7b731cc6e2fed
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_ia64.deb
          Size/MD5 checksum:   597004 c1f497a0ac9ba4f04ab31e1ad66ff729
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_hppa.deb
          Size/MD5 checksum:   561572 cbc31b2ececa0e02ec1a2fa6bc02c019
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_m68k.deb
          Size/MD5 checksum:   537914 1ac30118a80e1b516fbdcaf9e53f3264
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_mips.deb
          Size/MD5 checksum:   556594 6704277ba1a9b9706e6e921ee76e0931
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_mipsel.deb
          Size/MD5 checksum:   556424 f82021920ac82e2126580a3f594953a1
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_powerpc.deb
          Size/MD5 checksum:   556180 b72003c6bbec3bfeeeade4bc94b2f7ff
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_s390.deb
          Size/MD5 checksum:   554496 90790158afe5fb2f5da3eafdfb6d5874
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_sparc.deb
          Size/MD5 checksum:   549094 d1533c572fe845b7e49e88fb40acf0fb
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":62.5,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.