Fedora 10: Security Advisory for Fetchmail 6.3.8 Moderate SSL Bypass

Fetchmail is a remote mail retrieval and forwarding utility intended

for use over on-demand TCP/IP links, like SLIP or PPP connections.

Fetchmail supports every remote-mail protocol currently in use on the

Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,

and IPSEC) for retrieval. Then Fetchmail forwards the mail through

SMTP so you can read it through your favorite mail client.

Install fetchmail if you need to retrieve mail over SLIP or PPP

connections.

If fetchmail is running in daemon mode, it must be restarted for this update to

take effect (use the "fetchmail --quit" command to stop the fetchmail process).

* Wed Aug 19 2009 Vitezslav Crhonek - 6.3.8-9

- Fix SSL null terminator bypass (CVE-2009-2666)

[ 1 ] Bug #515804 - CVE-2009-2666 fetchmail: SSL null terminator bypass

https://bugzilla.redhat.com/show_bug.cgi?id=515804

su -c 'yum update fetchmail' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/