Stay Secure with the Latest Linux Advisories

security advisoryFedoramalicious attack

Fedora: 2020-13ae5f7221 Moderate: libetpan Response Injection Risk

A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-13ae5f7221 2020-08-19 00:51:10.926437 --------------------------------------------------------------------------------Name : libetpan Product : Fedora 32 Version : 1.9.4 Release : 4.fc32 URL : Summary : Portable, efficient middle-ware for different kinds of mail access Description : The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes. --------------------------------------------------------------------------------Update Information: A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue. --------------------------------------------------------------------------------ChangeLog: * Mon Aug 10 2020 Mamoru TASAKA - 1.9.4-4 - Address CVE-2020-15953 (bug 1861068) * Tue Jul 28 2020 Fedora Release Engineering - 1.9.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1861071 - CVE-2020-15953 libetpan: response injection via STARTTLS in IMAP [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1861071 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-13ae5f7221' at the command line. For more information, refer to thednf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . A Fedora patch resolves a vulnerability in libetpan that could enable session spoofing and input manipulation by malicious actors.. libetpan Flaw, Fedora Security Update, Response Injection Risk. . LinuxSecurity.com Team

Aug 18, 2020 Fedora