=========================================================== 
Ubuntu Security Notice USN-520-1         September 26, 2007
fetchmail vulnerabilities
CVE-2007-1558, CVE-2007-4565
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  fetchmail                       6.3.2-2ubuntu2.2

Ubuntu 6.10:
  fetchmail                       6.3.4-1ubuntu4.2

Ubuntu 7.04:
  fetchmail                       6.3.6-1ubuntu2.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

Gaetan Leurent discovered a vulnerability in the APOP protocol based
on MD5 collisions. As fetchmail supports the APOP protocol, this
vulnerability can be used by attackers to discover a portion of the APOP
user's authentication credentials. (CVE-2007-1558)

Earl Chew discovered that fetchmail can be made to de-reference a NULL
pointer when contacting SMTP servers. This vulnerability can be used
by attackers who control the SMTP server to crash fetchmail and cause
a denial of service. (CVE-2007-4565)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   190508 b6f34c90edfb5be3fa625572e440d46f
          Size/MD5:      766 b0ee07dc6149dff8fcabf8e3806fb14c
          Size/MD5:  1522264 a661735496077232acedb82a901fa499

  Architecture independent packages:

          Size/MD5:   114918 183fcecaabaa9fd0dc78f5fa0cf66899

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   346852 0562c7d3159da530a247492eb4c83c17

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   333422 1d96517ee7118ddb6c154b42f20282c3

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   345546 1ab1bc976af5e02880ccfeb277a1e3ab

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   339632 5eae85ff0d41ca36030c985d828cc1b9

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:    54883 9f96afa7114c4ff7d83d52ddff3a7734
          Size/MD5:      765 5896f0d44a778f5aa234e5645fde1d1c
          Size/MD5:  1313880 023a27d8281e5362323dec3e1ccca1c8

  Architecture independent packages:

          Size/MD5:    60460 60c7b0de630485e35a5ab49c14ab5dc3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   350904 da444d4475fae7453552a5112124912d

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   341816 5367a81a858f9c590c4a4947f1a45983

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   350320 d82081bf97a28bc745a5342cfba46988

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   345394 745ec98c5d2dec4bf6d630650798e92a

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:    56402 05af2c1bb84df24da58935e51d7b6002
          Size/MD5:      966 8dee518a1b9c90ff5bd5f3eb6a007c1d
          Size/MD5:  1680200 04175459cdf32fdb10d9e8fc46b633c3

  Architecture independent packages:

          Size/MD5:    63826 dd31c4c75cd18947cc49ae649ac8717f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   376182 19d7655fafa90d200b5defae11de58ac

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   365590 a54d1d43f960ae118a4dee6b3aba4a42

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   377260 eb1373f300d8ea78b944bb788d9ca6dd

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   370316 9211fd7fb44b2f3d620958b42d3ddaf7

Ubuntu: fetchmail vulnerabilities

September 25, 2007
Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-520-1 September 26, 2007

Package Information

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved