Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat Enterprise Linux Advisory: Fetchmail Denial of Service Problems

red hat
Calendar Grey January 31, 2007
Dist Redhat Esm H88
Newly released fetchmail updates resolve security vulnerabilities classified as moderate by Red Hat, affecting the process of email retrieval.
Updated fetchmail packages that fix two security issues are now available

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176266 - CVE-2005-4348 Fetchmail DOS by malicious server in multidrop mode 221981 - CVE-2006-5867 fetchmail not enforcing TLS for POP3 properly

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: fab2904aa98dfe5fe2eb75f6102b3732 fetchmail-5.9.0-21.7.3.el2.1.4.src.rpm

i386: e31563e2dfc8c932217bd1c7f7b1240b fetchmail-5.9.0-21.7.3.el2.1.4.i386.rpm 9a97eff50a8354245833c2a49e18ceda fetchmailconf-5.9.0-21.7.3.el2.1.4.i386.rpm

ia64: c05a0909788b58915df9ba7123291719 fetchmail-5.9.0-21.7.3.el2.1.4.ia64.rpm 1c014f448b74cfec7b8ba41f6eca0b0c fetchmailconf-5.9.0-21.7.3.el2.1.4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: fab2904aa98dfe5fe2eb75f6102b3732 fetchmail-5.9.0-21.7.3.el2.1.4.src.rpm

ia64: c05a0909788b58915df9ba7123291719 fetchmail-5.9.0-21.7.3.el2.1.4.ia64.rpm 1c014f448b74cfec7b8ba41f6eca0b0c fetchmailconf-5.9.0-21.7.3.el2.1.4.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: fab2904aa98dfe5fe2eb75f6102b3732 fetchmail-5.9.0-21.7.3.el2.1.4.src.rpm

i386: e31563e2dfc8c932217bd1c7f7b1240b fetchmail-5.9.0-21.7.3.el2.1.4.i386.rpm 9a97eff50a8354245833c2a49e18ceda fetchmailconf-5.9.0-21.7.3.el2.1.4.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: fab2904aa98dfe5fe2eb75f6102b3732 fetchmail-5.9.0-21.7.3.el2.1.4.src.rpm

i386: e31563e2dfc8c932217bd1c7f7b1240b fetchmail-5.9.0-21.7.3.el2.1.4.i386.rpm 9a97eff50a8354245833c2a49e18ceda fetchmailconf-5.9.0-21.7.3.el2.1.4.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: 786e014898c168c69f44da351ca0522b fetchmail-6.2.0-3.el3.3.src.rpm

i386: d35be6f0a4f0e4b9a2fcdd134bf5da53 fetchmail-6.2.0-3.el3.3.i386.rpm a510ee49f4ca088b480d7762085f3e8d fetchmail-debuginfo-6.2.0-3.el3.3.i386.rpm

ia64: eb95e7909232fcc77c4ecf6ebd260580 fetchmail-6.2.0-3.el3.3.ia64.rpm 577cbd3f17e1ac11ebbf585fe7050881 fetchmail-debuginfo-6.2.0-3.el3.3.ia64.rpm

ppc: 057e6c3f061f3a745d9c53e182d152cb fetchmail-6.2.0-3.el3.3.ppc.rpm 7701074d387923319b195cc3e368b960 fetchmail-debuginfo-6.2.0-3.el3.3.ppc.rpm

s390: ccd9e8d06484c8a7ac748dfa46c0b8f2 fetchmail-6.2.0-3.el3.3.s390.rpm 7657fa6b53b1107a18aa7869ec771bd7 fetchmail-debuginfo-6.2.0-3.el3.3.s390.rpm

s390x: 7974a79684df3749e326b5a96b054616 fetchmail-6.2.0-3.el3.3.s390x.rpm e7eaf5ae18697113bd81961c4a3e55a1 fetchmail-debuginfo-6.2.0-3.el3.3.s390x.rpm

x86_64: d4ac2065f887e9ae72dda8aeedd697e7 fetchmail-6.2.0-3.el3.3.x86_64.rpm 81354d8098561020166e6cc0ed3a9d8e fetchmail-debuginfo-6.2.0-3.el3.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: 786e014898c168c69f44da351ca0522b fetchmail-6.2.0-3.el3.3.src.rpm

i386: d35be6f0a4f0e4b9a2fcdd134bf5da53 fetchmail-6.2.0-3.el3.3.i386.rpm a510ee49f4ca088b480d7762085f3e8d fetchmail-debuginfo-6.2.0-3.el3.3.i386.rpm

x86_64: d4ac2065f887e9ae72dda8aeedd697e7 fetchmail-6.2.0-3.el3.3.x86_64.rpm 81354d8098561020166e6cc0ed3a9d8e fetchmail-debuginfo-6.2.0-3.el3.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 786e014898c168c69f44da351ca0522b fetchmail-6.2.0-3.el3.3.src.rpm

i386: d35be6f0a4f0e4b9a2fcdd134bf5da53 fetchmail-6.2.0-3.el3.3.i386.rpm a510ee49f4ca088b480d7762085f3e8d fetchmail-debuginfo-6.2.0-3.el3.3.i386.rpm

ia64: eb95e7909232fcc77c4ecf6ebd260580 fetchmail-6.2.0-3.el3.3.ia64.rpm 577cbd3f17e1ac11ebbf585fe7050881 fetchmail-debuginfo-6.2.0-3.el3.3.ia64.rpm

x86_64: d4ac2065f887e9ae72dda8aeedd697e7 fetchmail-6.2.0-3.el3.3.x86_64.rpm 81354d8098561020166e6cc0ed3a9d8e fetchmail-debuginfo-6.2.0-3.el3.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 786e014898c168c69f44da351ca0522b fetchmail-6.2.0-3.el3.3.src.rpm

i386: d35be6f0a4f0e4b9a2fcdd134bf5da53 fetchmail-6.2.0-3.el3.3.i386.rpm a510ee49f4ca088b480d7762085f3e8d fetchmail-debuginfo-6.2.0-3.el3.3.i386.rpm

ia64: eb95e7909232fcc77c4ecf6ebd260580 fetchmail-6.2.0-3.el3.3.ia64.rpm 577cbd3f17e1ac11ebbf585fe7050881 fetchmail-debuginfo-6.2.0-3.el3.3.ia64.rpm

x86_64: d4ac2065f887e9ae72dda8aeedd697e7 fetchmail-6.2.0-3.el3.3.x86_64.rpm 81354d8098561020166e6cc0ed3a9d8e fetchmail-debuginfo-6.2.0-3.el3.3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS: 3c4f4b1ddbb6ce8ffc4d725e17acc9a7 fetchmail-6.2.5-6.el4.5.src.rpm

i386: 3e2ab1a0a90e68e25290e834b9b3fc30 fetchmail-6.2.5-6.el4.5.i386.rpm 85d86e137158281b3e59ad77bdef489c fetchmail-debuginfo-6.2.5-6.el4.5.i386.rpm

ia64: ccc7ed6a3de49200aa3c86dd1919bb0a fetchmail-6.2.5-6.el4.5.ia64.rpm 75ad1e0cc2c6d72baa0ea9e9122c2501 fetchmail-debuginfo-6.2.5-6.el4.5.ia64.rpm

ppc: 9b781df3ade717d6276af0c922a13b22 fetchmail-6.2.5-6.el4.5.ppc.rpm 8a12686eb7df7a4cd789bc1e371d8441 fetchmail-debuginfo-6.2.5-6.el4.5.ppc.rpm

s390: 62dcc2fed3115cafaedff2db94e35377 fetchmail-6.2.5-6.el4.5.s390.rpm dc72a4bc097f2c3fb614b987fb618b52 fetchmail-debuginfo-6.2.5-6.el4.5.s390.rpm

s390x: 1e8b28798ad17fd9d498cfbd5e8f5820 fetchmail-6.2.5-6.el4.5.s390x.rpm dd46c126b674008eb8ed9f91e419c045 fetchmail-debuginfo-6.2.5-6.el4.5.s390x.rpm

x86_64: 806adc07ed6a1ec9a3e24f59e9e143c9 fetchmail-6.2.5-6.el4.5.x86_64.rpm 89821346e8d9cf156a46ac53fbf8142e fetchmail-debuginfo-6.2.5-6.el4.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS: 3c4f4b1ddbb6ce8ffc4d725e17acc9a7 fetchmail-6.2.5-6.el4.5.src.rpm

i386: 3e2ab1a0a90e68e25290e834b9b3fc30 fetchmail-6.2.5-6.el4.5.i386.rpm 85d86e137158281b3e59ad77bdef489c fetchmail-debuginfo-6.2.5-6.el4.5.i386.rpm

x86_64: 806adc07ed6a1ec9a3e24f59e9e143c9 fetchmail-6.2.5-6.el4.5.x86_64.rpm 89821346e8d9cf156a46ac53fbf8142e fetchmail-debuginfo-6.2.5-6.el4.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS: 3c4f4b1ddbb6ce8ffc4d725e17acc9a7 fetchmail-6.2.5-6.el4.5.src.rpm

i386: 3e2ab1a0a90e68e25290e834b9b3fc30 fetchmail-6.2.5-6.el4.5.i386.rpm 85d86e137158281b3e59ad77bdef489c fetchmail-debuginfo-6.2.5-6.el4.5.i386.rpm

ia64: ccc7ed6a3de49200aa3c86dd1919bb0a fetchmail-6.2.5-6.el4.5.ia64.rpm 75ad1e0cc2c6d72baa0ea9e9122c2501 fetchmail-debuginfo-6.2.5-6.el4.5.ia64.rpm

x86_64: 806adc07ed6a1ec9a3e24f59e9e143c9 fetchmail-6.2.5-6.el4.5.x86_64.rpm 89821346e8d9cf156a46ac53fbf8142e fetchmail-debuginfo-6.2.5-6.el4.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS: 3c4f4b1ddbb6ce8ffc4d725e17acc9a7 fetchmail-6.2.5-6.el4.5.src.rpm

i386: 3e2ab1a0a90e68e25290e834b9b3fc30 fetchmail-6.2.5-6.el4.5.i386.rpm 85d86e137158281b3e59ad77bdef489c fetchmail-debuginfo-6.2.5-6.el4.5.i386.rpm

ia64: ccc7ed6a3de49200aa3c86dd1919bb0a fetchmail-6.2.5-6.el4.5.ia64.rpm 75ad1e0cc2c6d72baa0ea9e9122c2501 fetchmail-debuginfo-6.2.5-6.el4.5.ia64.rpm

x86_64: 806adc07ed6a1ec9a3e24f59e9e143c9 fetchmail-6.2.5-6.el4.5.x86_64.rpm 89821346e8d9cf156a46ac53fbf8142e fetchmail-debuginfo-6.2.5-6.el4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-2005-4348 https://www.cve.org/CVERecord?id=CVE-2006-5867 https://www.berlios.de/software/fetchmail/ https://www.berlios.de/software/fetchmail/ https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2007:0018-01
Issue date: 2007-01-31
Updated on: 2007-01-31
Product: Red Hat Enterprise Linux
Keywords: multidrop TLS POP3

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here