Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Slackware 12.2 Fetchmail Critical SSL Impersonation Fix - SSA:2009-218-01

slackware
Calendar Grey August 6, 2009
Dist Slackware Esm H88
Immediate update for Fetchmail on Slackware versions 8.1 through 12.2 mitigates SSL-related security threats. Upgrade immediately!
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix security issue

Summary

Here are the details from the Slackware 12.2 ChangeLog: n/fetchmail-6.3.11-i486-1_slack12.0.tgz: Upgraded. This update fixes an SSL NUL prefix impersonation attack through NULs in a part of a X.509 certificate's CommonName and subjectAltName fields. For more information, see: https://www.cve.org/CVERecord?id=CVE-2009-2666 (* Security fix *)

Topics%20covered

Topics Covered

security advisory security issue fetchmail critical Slackware SSL impersonation

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware -current:
Updated package for Slackware64 -current:

MD5 Signatures

Slackware 8.1 package: 62eb603b7595bd47231ef334e3e21bf9 fetchmail-6.3.11-i386-1_slack8.1.tgz
Slackware 9.0 package: b4e28a6d5b1f6c7981077d095e7d5659 fetchmail-6.3.11-i386-1_slack9.0.tgz
Slackware 9.1 package: 4a970c015174591e228d6e971709d6cf fetchmail-6.3.11-i486-1_slack9.1.tgz
Slackware 10.0 package: 23aebad2dfee1e170cfd1179afbbe90f fetchmail-6.3.11-i486-1_slack10.0.tgz
Slackware 10.1 package: 201a29f85084cf0ba2c9e362ae12cdb1 fetchmail-6.3.11-i486-1_slack10.1.tgz
Slackware 10.2 package: 03c425a6c391bbe7d8fe64d97097c664 fetchmail-6.3.11-i486-1_slack10.2.tgz
Slackware 11.0 package: 4eb1710ec33b4d2770df6b93734519d0 fetchmail-6.3.11-i486-1_slack11.0.tgz
Slackware 12.0 package: 36797994f28beaf9bf8a8bed9e12a144 fetchmail-6.3.11-i486-1_slack12.0.tgz
Slackware 12.1 package: 916a5de06359934dd627dad6cc0918aa fetchmail-6.3.11-i486-1_slack12.1.tgz
Slackware 12.2 package: a48d7ec3f5eea1df790221c49600b799 fetchmail-6.3.11-i486-1_slack12.2.tgz
Slackware -current package: 8a9b73e382b8d9bbb2c1db0ca1759112 fetchmail-6.3.11-i486-1.txz
Slackware64 -current package: 890c4912a191c6f90df12a2e431ab340 fetchmail-6.3.11-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue fetchmail critical Slackware SSL impersonation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg fetchmail-6.3.11-i486-1_slack12.2.tgz

Related News

Your message here