
Fedora: 2021-9998719311 Critical: STARTTLS Bypass in Fetchmail

fedora
September 24, 2021
Upgrade the fetchmail package to version 6.4.22 to mitigate the STARTTLS encryption vulnerability on Fedora environments.
Update to fetchmail-6.4.22 (CVE-2021-39272)

Summary

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client.

Install fetchmail if you need to retrieve mail over SLIP or PPP connections.

Update to fetchmail-6.4.22 (CVE-2021-39272)

* Thu Sep 16 2021 Vitezslav Crhonek - 6.4.22-1

- Update to fetchmail-6.4.22 (CVE-2021-39272)

[ 1 ] Bug #1999190 - CVE-2021-39272 fetchmail: STARTTLS session encryption bypassing

https://bugzilla.redhat.com/show_bug.cgi?id=1999190

su -c 'dnf upgrade --advisory FEDORA-2021-9998719311' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
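To confirm which hosts still need this update, the following added example (not part of the Fedora advisory) compares fetchmail package versions against the fixed 6.4.22 release. The host names and inventory lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag fetchmail builds older than the release that fixes
# CVE-2021-39272. Inventory data below is constructed for illustration.
FIXED_VERSION="6.4.22"

# version_lt A B: succeed when version A sorts strictly before version B.
# sort -V compares numerically per component, so 6.4.8 < 6.4.22
# (a plain string comparison would get that case wrong).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fetchmail_status VERSION: print "vulnerable" or "fixed".
fetchmail_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# audit_inventory: read "host version-release" lines on stdin and
# append the status for each host.
audit_inventory() {
    while read -r host vr; do
        [ -n "$host" ] || continue
        version=${vr%%-*}          # strip the RPM release, e.g. "-1.fc33"
        printf '%s %s %s\n' "$host" "$vr" "$(fetchmail_status "$version")"
    done
}

# Constructed sample inventory. On a live Fedora host the version-release
# string can be read with:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' fetchmail
sample_inventory() {
    cat <<'EOF'
mail01 6.4.21-1.fc33
mail02 6.4.22-1.fc33
mail03 6.4.8-3.fc33
EOF
}

sample_inventory | audit_inventory
```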



Severity: Critical

Product: Fedora 33
Version: 6.4.22
Release: 1.fc33
Summary: A remote mail retrieval and forwarding utility
