Mandriva: Updated fetchmail packages fix DoS vulnerability
Posted by Benjamin D. Thomas   
A vulnerability in fetchmail was found where it could crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a denial of service. Updated packages have been patched to prevent these issues.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:179
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : fetchmail
 Date    : September 11, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in fetchmail was found where it could crash when
 attempting to deliver an internal warning or error message through an
 untrusted or compromised SMTP server, leading to a denial of service.
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 ec4f5dea69e44968c18ed13aec63fbc4  2007.0/i586/fetchmail-6.3.4-3.3mdv2007.0.i586.rpm
 6714594d428e0e2e0ed3e677c7813fda  2007.0/i586/fetchmail-daemon-6.3.4-3.3mdv2007.0.i586.rpm
 4d2fbbf2de3d9204647f5a3cd7991e56  2007.0/i586/fetchmailconf-6.3.4-3.3mdv2007.0.i586.rpm 
 47b05bee8f922fe043863399cad72818  2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 1bd5250e46911f1c58e29d99c3ca7b70  2007.0/x86_64/fetchmail-6.3.4-3.3mdv2007.0.x86_64.rpm
 3f9aefbedfdc5dcd888c77314827eb41  2007.0/x86_64/fetchmail-daemon-6.3.4-3.3mdv2007.0.x86_64.rpm
 899116e39b78dc4184c4f4a1a8d839ff  2007.0/x86_64/fetchmailconf-6.3.4-3.3mdv2007.0.x86_64.rpm 
 47b05bee8f922fe043863399cad72818  2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 01a5cdfd3329fc919b76bbbd955f1765  2007.1/i586/fetchmail-6.3.6-1.2mdv2007.1.i586.rpm
 cdc7413cca7f26b5f10a2ade1412f05e  2007.1/i586/fetchmail-daemon-6.3.6-1.2mdv2007.1.i586.rpm
 01de767500146bb7f00e5282267cc348  2007.1/i586/fetchmailconf-6.3.6-1.2mdv2007.1.i586.rpm 
 36ae6d7fa6fd77a2925e5ac64e7a0394  2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 3a5fd389cb5ab9d3e66772df25a5d081  2007.1/x86_64/fetchmail-6.3.6-1.2mdv2007.1.x86_64.rpm
 a9ea49f814c8305ad5b845d5afd11db2  2007.1/x86_64/fetchmail-daemon-6.3.6-1.2mdv2007.1.x86_64.rpm
 20cd90c65804e6272fdf8f95586799e4  2007.1/x86_64/fetchmailconf-6.3.6-1.2mdv2007.1.x86_64.rpm 
 36ae6d7fa6fd77a2925e5ac64e7a0394  2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

 Corporate 3.0:
 c467b462473a61160ef0f00a1fae355e  corporate/3.0/i586/fetchmail-6.2.5-3.6.C30mdk.i586.rpm
 781126a4db0c738eac5cdd9ec8cc5981  corporate/3.0/i586/fetchmail-daemon-6.2.5-3.6.C30mdk.i586.rpm
 ae3874e52845214fb1bf7eecdc6abf84  corporate/3.0/i586/fetchmailconf-6.2.5-3.6.C30mdk.i586.rpm 
 230cbc53c8bbba90c486708fff76abea  corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 eb699fd754ebd4946bfe7c026f6f2e42  corporate/3.0/x86_64/fetchmail-6.2.5-3.6.C30mdk.x86_64.rpm
 e7ecb2da9c3d73f3b0a5cebf13930f7e  corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.6.C30mdk.x86_64.rpm
 b6bfcbc53aabb69d1c07d0fb0a8afed8  corporate/3.0/x86_64/fetchmailconf-6.2.5-3.6.C30mdk.x86_64.rpm 
 230cbc53c8bbba90c486708fff76abea  corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

 Corporate 4.0:
 81cfe01e0da3ca09cf7c4ac39bdf48d1  corporate/4.0/i586/fetchmail-6.2.5-11.5.20060mlcs4.i586.rpm
 40b38bce6f851cf3165b0e8a8f5f3c50  corporate/4.0/i586/fetchmail-daemon-6.2.5-11.5.20060mlcs4.i586.rpm
 d7c94a1d6e803c00e5c05f0aa0efc477  corporate/4.0/i586/fetchmailconf-6.2.5-11.5.20060mlcs4.i586.rpm 
 3efc2789b3ea0582b5c6ec70d65ddff5  corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 58c9d8daa4ba5a11b96b4373d9f2b45c  corporate/4.0/x86_64/fetchmail-6.2.5-11.5.20060mlcs4.x86_64.rpm
 a9e54ac1f2a56a0ceca4663e1b970201  corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.5.20060mlcs4.x86_64.rpm
 de9f1acd42b3a445e9fe8c74b4b90094  corporate/4.0/x86_64/fetchmailconf-6.2.5-11.5.20060mlcs4.x86_64.rpm 
 3efc2789b3ea0582b5c6ec70d65ddff5  corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 