Fedora Core 3 Update: fetchmail-6.2.5-7.fc3.1 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: March 16th, 2010

Linux Advisory Watch: March 14th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 3 Update: fetchmail-6.2.5-7.fc3.1

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

A buffer overflow was discovered in fetchmail's POP3 client. A malicious server could cause fetchmail to execute arbitrary code. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2355 to this issue. All fetchmail users should upgrade to the updated package, which fixes this issue.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-614
2005-07-21
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : fetchmail
Version     : 6.2.5                      
Release     : 7.fc3.1                  
Summary     : A remote mail retrieval and forwarding utility.
Description :
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.

Install fetchmail if you need to retrieve mail over SLIP or PPP
connections.

---------------------------------------------------------------------
Update Information:

A buffer overflow was discovered in fetchmail's POP3 client. A malicious
server could cause fetchmail to execute arbitrary code.

The Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-2355 to this issue.

All fetchmail users should upgrade to the updated package, which fixes this issue.
---------------------------------------------------------------------
* Thu Jul 21 2005 Miloslav Trmac  - 6.2.5-7.fc4.1
- Fix CAN-2005-2355 (#163819, patch by Ludwig Nussel)

* Wed Mar 16 2005 Nalin Dahyabhai  6.2.5-7
- stop using one of the libkrb5 private functions


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

550fbe893b901e7fc028765819409b8a  SRPMS/fetchmail-6.2.5-7.fc3.1.src.rpm
14376533cb1e770d8019960596f29dd1  x86_64/fetchmail-6.2.5-7.fc3.1.x86_64.rpm
372ec66fb81998200b4ba0228f77b943  x86_64/debug/fetchmail-debuginfo-6.2.5-7.fc3.1.x86_64.rpm
62947fe15ecc12933cbcdbdfcb87412b  i386/fetchmail-6.2.5-7.fc3.1.i386.rpm
69b34d188aaa91ca770789eb582dc8ca  i386/debug/fetchmail-debuginfo-6.2.5-7.fc3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list