Stay Secure with the Latest Linux Advisories

security advisoryFedorabug fix

Fedora 36: FEDORA-2022-de3e565494 moderate: libetpan STATUS Issue

A potential bug is found on libetpan that when IMAP client receives invalid STATUS response, an invalid free can occur on mailimap_mailbox_data_status_free(). This bug is now assigned as CVE-2022-4121. Although the formal fix is under discussion, this update rpm adds a quick fix for this issue.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-de3e565494 2022-12-02 01:36:47.412982 --------------------------------------------------------------------------------Name : libetpan Product : Fedora 36 Version : 1.9.4 Release : 9.fc36 URL : Summary : Portable, efficient middle-ware for different kinds of mail access Description : The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes. --------------------------------------------------------------------------------Update Information: A potential bug is found on libetpan that when IMAP client receives invalid STATUS response, an invalid free can occur on mailimap_mailbox_data_status_free(). This bug is now assigned as CVE-2022-4121. Although the formal fix is under discussion, this update rpm adds a quick fix for this issue. --------------------------------------------------------------------------------ChangeLog: * Wed Nov 23 2022 Mamoru TASAKA - 1.9.4-9 - Workaround for CVE-2022-4121 (bug 2144914) * Thu Jul 21 2022 Fedora Release Engineering - 1.9.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2144915 - libetpan: Null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2144915 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-de3e565494' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . A flaw has been discovered within libetpan that impacts email retrieval on Fedora systems. This patch offers a timely solution to rectify the problem.. libetpan Update, IMAP Client Fix, Fedora Notification. . LinuxSecurity.com Team

Dec 02, 2022 Fedora