
Fedora Core 3: 2005-614 Critical: Fetchmail Buffer Overflow Fix

July 21, 2005
Recent Fetchmail updates fix a critical buffer overflow vulnerability that could allow arbitrary code execution. Users should upgrade to the latest version.

Summary

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client.

Install fetchmail if you need to retrieve mail over SLIP or PPP connections.

A buffer overflow was discovered in fetchmail's POP3 client. A malicious server could cause fetchmail to execute arbitrary code.

The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2355 to this issue.

All fetchmail users should upgrade to the updated package, which fixes this issue.

- Fix CAN-2005-2355 (#163819, patch by Ludwig Nussel)

* Wed Mar 16 2005 Nalin Dahyabhai 6.2.5-7

- stop using one of the libkrb5 private functions

550fbe893b901e7fc028765819409b8a SRPMS/fetchmail-6.2.5-7.fc3.1.src.rpm

14376533cb1e770d8019960596f29dd1 x86_64/fetchmail-6.2.5-7.fc3.1.x86_64.rpm

372ec66fb81998200b4ba0228f77b943 x86_64/debug/fetchmail-debuginfo-6.2.5-7.fc3.1.x86_64.rpm

62947fe15ecc12933cbcdbdfcb87412b i386/fetchmail-6.2.5-7.fc3.1.i386.rpm

69b34d188aaa91ca770789eb582dc8ca i386/debug/fetchmail-debuginfo-6.2.5-7.fc3.1.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com


Severity: critical

Name: fetchmail
Version: 6.2.5
Release: 7.fc3.1
Summary: A remote mail retrieval and forwarding utility.
