MDKSA-2005:126 - Updated fetchmail packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: fetchmail
Advisory ID: MDKSA-2005:126
Date: July 28th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A buffer overflow was discovered in fetchmail's POP3 client which
could allow a malicious server to send a carefully crafted message
UID, causing fetchmail to crash or potentially execute arbitrary
code as the user running fetchmail.
The updated packages have been patched to address this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2335
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
563f08174b32d11c7d072a7c86672cd6 10.1/RPMS/fetchmail-6.2.5-5.1.101mdk.i586.rpm
322f5e01a8ccf9611119bf56c81b3c34
10.1/RPMS/fetchmail-daemon-6.2.5-5.1.101mdk.i586.rpm
b41cd62c89bd4e728107b8fadb3d10dd
10.1/RPMS/fetchmailconf-6.2.5-5.1.101mdk.i586.rpm
9193b1c0ccf4d8dc1158a2707ff73628 10.1/SRPMS/fetchmail-6.2.5-5.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
e160ad934bb3007cf35c050006bd9bec
x86_64/10.1/RPMS/fetchmail-6.2.5-5.1.101mdk.x86_64.rpm
193c90622e9279417f0d89e7368162d2
x86_64/10.1/RPMS/fetchmail-daemon-6.2.5-5.1.101mdk.x86_64.rpm
8b29df74bc7cc01ad0e57052908d96fb
x86_64/10.1/RPMS/fetchmailconf-6.2.5-5.1.101mdk.x86_64.rpm
9193b1c0ccf4d8dc1158a2707ff73628
x86_64/10.1/SRPMS/fetchmail-6.2.5-5.1.101mdk.src.rpm
Mandrakelinux 10.2:
f25ca14a570b18627309b1ec6d6118bb
10.2/RPMS/fetchmail-6.2.5-10.1.102mdk.i586.rpm
afdcff56a05aebf22b7cd138166d4ca7
10.2/RPMS/fetchmail-daemon-6.2.5-10.1.102mdk.i586.rpm
6d58bd3064e22875011b97cee9c2d809
10.2/RPMS/fetchmailconf-6.2.5-10.1.102mdk.i586.rpm
7d6ab32632446ed61fc18591f1c2fd00
10.2/SRPMS/fetchmail-6.2.5-10.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
8f0f018bb2807d5285ae2ef05bb57107
x86_64/10.2/RPMS/fetchmail-6.2.5-10.1.102mdk.x86_64.rpm
870f31b16001b83be84e51cc93a92200
x86_64/10.2/RPMS/fetchmail-daemon-6.2.5-10.1.102mdk.x86_64.rpm
2f464f9c3409880ef9c457b9986ae712
x86_64/10.2/RPMS/fetchmailconf-6.2.5-10.1.102mdk.x86_64.rpm
7d6ab32632446ed61fc18591f1c2fd00
x86_64/10.2/SRPMS/fetchmail-6.2.5-10.1.102mdk.src.rpm
Corporate Server 2.1:
96185810b7b4ad91d4986fd0d946a15d
corporate/2.1/RPMS/fetchmail-6.1.0-1.3.C21mdk.i586.rpm
268fdaf86ca3f5f33b9c1ac0a00efc4a
corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.3.C21mdk.i586.rpm
647d592ec242a09fa869da6f37660299
corporate/2.1/RPMS/fetchmailconf-6.1.0-1.3.C21mdk.i586.rpm
8d3e996da39619613de0046e7c9cb459
corporate/2.1/SRPMS/fetchmail-6.1.0-1.3.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d19fab3b9b57c4f9c9e4fe6aebd6ea81
x86_64/corporate/2.1/RPMS/fetchmail-6.1.0-1.3.C21mdk.x86_64.rpm
587dc00b22b6fd4e9b17f5bdb26457f6
x86_64/corporate/2.1/RPMS/fetchmail-daemon-6.1.0-1.3.C21mdk.x86_64.rpm
1d44d1c54e69049966b222ada486e633
x86_64/corporate/2.1/RPMS/fetchmailconf-6.1.0-1.3.C21mdk.x86_64.rpm
8d3e996da39619613de0046e7c9cb459
x86_64/corporate/2.1/SRPMS/fetchmail-6.1.0-1.3.C21mdk.src.rpm
Corporate 3.0:
9d67bcb3d6485a0ffb243f9ed23cda22
corporate/3.0/RPMS/fetchmail-6.2.5-3.1.C30mdk.i586.rpm
f9283b89d96efbbb8f2ce98abe00c563
corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.1.C30mdk.i586.rpm
4c170dbe398c93923d2a106dc6275c2e
corporate/3.0/RPMS/fetchmailconf-6.2.5-3.1.C30mdk.i586.rpm
f7c51eab215fe7c2e46baf154c315d26
corporate/3.0/SRPMS/fetchmail-6.2.5-3.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
6e40e50873f3ca1b49d948e1a3be052a
x86_64/corporate/3.0/RPMS/fetchmail-6.2.5-3.1.C30mdk.x86_64.rpm
77d83cddcb9d2daf4b04a8ce09da90b7
x86_64/corporate/3.0/RPMS/fetchmail-daemon-6.2.5-3.1.C30mdk.x86_64.rpm
a90e50cc1bbec81fbc8949ef5da5b87f
x86_64/corporate/3.0/RPMS/fetchmailconf-6.2.5-3.1.C30mdk.x86_64.rpm
f7c51eab215fe7c2e46baf154c315d26
x86_64/corporate/3.0/SRPMS/fetchmail-6.2.5-3.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC6bQymqjQ0CJFipgRAmfLAJwKvk84UihIhXCD1wdz9nm+CpBwLACfWhfT
sYLrf/Af0isUirXO73e/Ygg=
=paDW
-----END PGP SIGNATURE-----