Message-id: <E1IVH9S-00032I-3G@artemis.annvix.ca>
Date: Tue, 11 Sep 2007 19:36:22 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:179 ] - Updated fetchmail packages fix DoS vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:179
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : fetchmail
 Date    : September 11, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in fetchmail was found where it could crash when
 attempting to deliver an internal warning or error message through an
 untrusted or compromised SMTP server, leading to a denial of service.
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 ec4f5dea69e44968c18ed13aec63fbc4  2007.0/i586/fetchmail-6.3.4-3.3mdv2007.0.i586.rpm
 6714594d428e0e2e0ed3e677c7813fda  2007.0/i586/fetchmail-daemon-6.3.4-3.3mdv2007.0.i586.rpm
 4d2fbbf2de3d9204647f5a3cd7991e56  2007.0/i586/fetchmailconf-6.3.4-3.3mdv2007.0.i586.rpm 
 47b05bee8f922fe043863399cad72818  2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 1bd5250e46911f1c58e29d99c3ca7b70  2007.0/x86_64/fetchmail-6.3.4-3.3mdv2007.0.x86_64.rpm
 3f9aefbedfdc5dcd888c77314827eb41  2007.0/x86_64/fetchmail-daemon-6.3.4-3.3mdv2007.0.x86_64.rpm
 899116e39b78dc4184c4f4a1a8d839ff  2007.0/x86_64/fetchmailconf-6.3.4-3.3mdv2007.0.x86_64.rpm 
 47b05bee8f922fe043863399cad72818  2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 01a5cdfd3329fc919b76bbbd955f1765  2007.1/i586/fetchmail-6.3.6-1.2mdv2007.1.i586.rpm
 cdc7413cca7f26b5f10a2ade1412f05e  2007.1/i586/fetchmail-daemon-6.3.6-1.2mdv2007.1.i586.rpm
 01de767500146bb7f00e5282267cc348  2007.1/i586/fetchmailconf-6.3.6-1.2mdv2007.1.i586.rpm 
 36ae6d7fa6fd77a2925e5ac64e7a0394  2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 3a5fd389cb5ab9d3e66772df25a5d081  2007.1/x86_64/fetchmail-6.3.6-1.2mdv2007.1.x86_64.rpm
 a9ea49f814c8305ad5b845d5afd11db2  2007.1/x86_64/fetchmail-daemon-6.3.6-1.2mdv2007.1.x86_64.rpm
 20cd90c65804e6272fdf8f95586799e4  2007.1/x86_64/fetchmailconf-6.3.6-1.2mdv2007.1.x86_64.rpm 
 36ae6d7fa6fd77a2925e5ac64e7a0394  2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

 Corporate 3.0:
 c467b462473a61160ef0f00a1fae355e  corporate/3.0/i586/fetchmail-6.2.5-3.6.C30mdk.i586.rpm
 781126a4db0c738eac5cdd9ec8cc5981  corporate/3.0/i586/fetchmail-daemon-6.2.5-3.6.C30mdk.i586.rpm
 ae3874e52845214fb1bf7eecdc6abf84  corporate/3.0/i586/fetchmailconf-6.2.5-3.6.C30mdk.i586.rpm 
 230cbc53c8bbba90c486708fff76abea  corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 eb699fd754ebd4946bfe7c026f6f2e42  corporate/3.0/x86_64/fetchmail-6.2.5-3.6.C30mdk.x86_64.rpm
 e7ecb2da9c3d73f3b0a5cebf13930f7e  corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.6.C30mdk.x86_64.rpm
 b6bfcbc53aabb69d1c07d0fb0a8afed8  corporate/3.0/x86_64/fetchmailconf-6.2.5-3.6.C30mdk.x86_64.rpm 
 230cbc53c8bbba90c486708fff76abea  corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

 Corporate 4.0:
 81cfe01e0da3ca09cf7c4ac39bdf48d1  corporate/4.0/i586/fetchmail-6.2.5-11.5.20060mlcs4.i586.rpm
 40b38bce6f851cf3165b0e8a8f5f3c50  corporate/4.0/i586/fetchmail-daemon-6.2.5-11.5.20060mlcs4.i586.rpm
 d7c94a1d6e803c00e5c05f0aa0efc477  corporate/4.0/i586/fetchmailconf-6.2.5-11.5.20060mlcs4.i586.rpm 
 3efc2789b3ea0582b5c6ec70d65ddff5  corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 58c9d8daa4ba5a11b96b4373d9f2b45c  corporate/4.0/x86_64/fetchmail-6.2.5-11.5.20060mlcs4.x86_64.rpm
 a9e54ac1f2a56a0ceca4663e1b970201  corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.5.20060mlcs4.x86_64.rpm
 de9f1acd42b3a445e9fe8c74b4b90094  corporate/4.0/x86_64/fetchmailconf-6.2.5-11.5.20060mlcs4.x86_64.rpm 
 3efc2789b3ea0582b5c6ec70d65ddff5  corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG5xcEmqjQ0CJFipgRAsETAKDn3WWSRn/oCB2e9x5/hVgk9r0fHACfVGKa
vFZk/FEGzn9cd9fFHScSRkA=
=+l52
-----END PGP SIGNATURE-----
