Bugtraq mailing list archives
[CLA-2002:554] Conectiva Linux Security Announcement - fetchmail
From: secure () conectiva com br
Date: Mon, 16 Dec 2002 18:39:35 -0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : fetchmail SUMMARY : Remote vulnerability DATE : 2002-12-16 18:38:00 ID : CLA-2002:554 RELEVANT RELEASES : 6.0, 7.0, 8 - ------------------------------------------------------------------------- DESCRIPTION Fetchmail is a popular mail retrieval and forwarding utility. Stefan Esser discovered[1] a buffer overflow vulnerability in fetchmail versions prior to 6.1.3 (inclusive) that can be exploited remotelly with the use of specially crafted mail messages. By exploiting this the attacker can crash fetchmail or execute arbitrary code with the privileges of the user running it. The updated packages listed in this announcement include a fix for this problem. SOLUTION All fetchmail users should upgrade. IMPORTANT: if fetchmail is running as a daemon, it will have to be restarted in order to run the new version. REFERENCES: 1.http://security.e-matters.de/advisories/052002.html UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-5.9.12-1U60_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmailconf-5.9.12-1U60_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-doc-5.9.12-1U60_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/fetchmail-5.9.12-1U60_4cl.src.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-5.9.12-1U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmailconf-5.9.12-1U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-doc-5.9.12-1U70_4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/fetchmail-5.9.12-1U70_4cl.src.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-5.9.12-1U80_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmailconf-5.9.12-1U80_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-doc-5.9.12-1U80_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/fetchmail-5.9.12-1U80_3cl.src.rpm ADDITIONAL INSTRUCTIONS Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribe () papaleguas conectiva com br unsubscribe: conectiva-updates-unsubscribe () papaleguas conectiva com br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9/joG42jd0JmAcZARAhVoAKCCEdNq54z6l0awS+fXic41wITlzwCgkK4V uLsP1zCVD/TX0agAqMk+TwA= =dKgG -----END PGP SIGNATURE-----
Current thread:
- [CLA-2002:554] Conectiva Linux Security Announcement - fetchmail secure (Dec 16)