Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Slackware 11.0: SSA:2007-024-01 Critical: Fetchmail Clear-Text Issue

slackware
Calendar Grey January 24, 2007
Dist Slackware Esm H88
Recent fetchmail updates for Slackware address crucial vulnerabilities across various releases. Updating is strongly advised.
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix a security issue

Summary

Here are the details from the Slackware 11.0 ChangeLog: patches/packages/fetchmail-6.3.6-i486-1_slack11.0.tgz: Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug introduced in fetchmail-6.3.5 could cause fetchmail to crash. However, no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long standing bug (reported by Isaac Wilcox) could cause fetchmail to send a password in clear text or omit using TLS even when configured otherwise. All fetchmail users are encouraged to consider using getmail, or to upgrade to the new fetchmail packages. For more information, see: https://www.cve.org/CVERecord?id=CVE-2006-5974 https://www.cve.org/CVERecord?id=CVE-2006-5867 (* Security fix *)

Topics%20covered

Topics Covered

security advisory fetchmail slackware security patch linux distribution clear-text issue

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:

MD5 Signatures

Slackware 8.1 package: 134ddb9615befd410d01ce4f21a8de27 fetchmail-6.3.6-i386-1_slack8.1.tgz
Slackware 9.0 package: c194dfa2d7b747240488a16a85f3130c fetchmail-6.3.6-i386-1_slack9.0.tgz
Slackware 9.1 package: f50a91e22ea16bb751f662e87676eee7 fetchmail-6.3.6-i486-1_slack9.1.tgz
Slackware 10.0 package: 6de04880cf23cf6f90fa848ec5d04c15 fetchmail-6.3.6-i486-1_slack10.0.tgz
Slackware 10.1 package: b342ab7f593d95b5463edd98349aac50 fetchmail-6.3.6-i486-1_slack10.1.tgz
Slackware 10.2 package: e64aeba7bb9b03814c1c97bc7bef478b fetchmail-6.3.6-i486-1_slack10.2.tgz
Slackware 11.0 package: cbb37cdf05946c799ec134389a051e91 fetchmail-6.3.6-i486-1_slack11.0.tgz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory fetchmail slackware security patch linux distribution clear-text issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg fetchmail-6.3.6-i486-1_slack11.0.tgz If fetchmail is running in a daemon mode, restart it after upgrading.

Related News

Your message here