[Security Announce] [ MDKSA-2007:179 ] - Updated fetchmail packages fix DoS vulnerability
Posted on: 09/12/2007 03:10 AM

The Mandriva Security Team has published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:179
http://www.mandriva.com/security/
_______________________________________________________________________

Package : fetchmail
Date : September 11, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability in fetchmail was found where it could crash when
attempting to deliver an internal warning or error message through an
untrusted or compromised SMTP server, leading to a denial of service.

Updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
ec4f5dea69e44968c18ed13aec63fbc4 2007.0/i586/fetchmail-6.3.4-3.3mdv2007.0.i586.rpm
6714594d428e0e2e0ed3e677c7813fda 2007.0/i586/fetchmail-daemon-6.3.4-3.3mdv2007.0.i586.rpm
4d2fbbf2de3d9204647f5a3cd7991e56 2007.0/i586/fetchmailconf-6.3.4-3.3mdv2007.0.i586.rpm
47b05bee8f922fe043863399cad72818 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1bd5250e46911f1c58e29d99c3ca7b70 2007.0/x86_64/fetchmail-6.3.4-3.3mdv2007.0.x86_64.rpm
3f9aefbedfdc5dcd888c77314827eb41 2007.0/x86_64/fetchmail-daemon-6.3.4-3.3mdv2007.0.x86_64.rpm
899116e39b78dc4184c4f4a1a8d839ff 2007.0/x86_64/fetchmailconf-6.3.4-3.3mdv2007.0.x86_64.rpm
47b05bee8f922fe043863399cad72818 2007.0/SRPMS/fetchmail-6.3.4-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
01a5cdfd3329fc919b76bbbd955f1765 2007.1/i586/fetchmail-6.3.6-1.2mdv2007.1.i586.rpm
cdc7413cca7f26b5f10a2ade1412f05e 2007.1/i586/fetchmail-daemon-6.3.6-1.2mdv2007.1.i586.rpm
01de767500146bb7f00e5282267cc348 2007.1/i586/fetchmailconf-6.3.6-1.2mdv2007.1.i586.rpm
36ae6d7fa6fd77a2925e5ac64e7a0394 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
3a5fd389cb5ab9d3e66772df25a5d081 2007.1/x86_64/fetchmail-6.3.6-1.2mdv2007.1.x86_64.rpm
a9ea49f814c8305ad5b845d5afd11db2 2007.1/x86_64/fetchmail-daemon-6.3.6-1.2mdv2007.1.x86_64.rpm
20cd90c65804e6272fdf8f95586799e4 2007.1/x86_64/fetchmailconf-6.3.6-1.2mdv2007.1.x86_64.rpm
36ae6d7fa6fd77a2925e5ac64e7a0394 2007.1/SRPMS/fetchmail-6.3.6-1.2mdv2007.1.src.rpm

Corporate 3.0:
c467b462473a61160ef0f00a1fae355e corporate/3.0/i586/fetchmail-6.2.5-3.6.C30mdk.i586.rpm
781126a4db0c738eac5cdd9ec8cc5981 corporate/3.0/i586/fetchmail-daemon-6.2.5-3.6.C30mdk.i586.rpm
ae3874e52845214fb1bf7eecdc6abf84 corporate/3.0/i586/fetchmailconf-6.2.5-3.6.C30mdk.i586.rpm
230cbc53c8bbba90c486708fff76abea corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
eb699fd754ebd4946bfe7c026f6f2e42 corporate/3.0/x86_64/fetchmail-6.2.5-3.6.C30mdk.x86_64.rpm
e7ecb2da9c3d73f3b0a5cebf13930f7e corporate/3.0/x86_64/fetchmail-daemon-6.2.5-3.6.C30mdk.x86_64.rpm
b6bfcbc53aabb69d1c07d0fb0a8afed8 corporate/3.0/x86_64/fetchmailconf-6.2.5-3.6.C30mdk.x86_64.rpm
230cbc53c8bbba90c486708fff76abea corporate/3.0/SRPMS/fetchmail-6.2.5-3.6.C30mdk.src.rpm

Corporate 4.0:
81cfe01e0da3ca09cf7c4ac39bdf48d1 corporate/4.0/i586/fetchmail-6.2.5-11.5.20060mlcs4.i586.rpm
40b38bce6f851cf3165b0e8a8f5f3c50 corporate/4.0/i586/fetchmail-daemon-6.2.5-11.5.20060mlcs4.i586.rpm
d7c94a1d6e803c00e5c05f0aa0efc477 corporate/4.0/i586/fetchmailconf-6.2.5-11.5.20060mlcs4.i586.rpm
3efc2789b3ea0582b5c6ec70d65ddff5 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
58c9d8daa4ba5a11b96b4373d9f2b45c corporate/4.0/x86_64/fetchmail-6.2.5-11.5.20060mlcs4.x86_64.rpm
a9e54ac1f2a56a0ceca4663e1b970201 corporate/4.0/x86_64/fetchmail-daemon-6.2.5-11.5.20060mlcs4.x86_64.rpm
de9f1acd42b3a445e9fe8c74b4b90094 corporate/4.0/x86_64/fetchmailconf-6.2.5-11.5.20060mlcs4.x86_64.rpm
3efc2789b3ea0582b5c6ec70d65ddff5 corporate/4.0/SRPMS/fetchmail-6.2.5-11.5.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG5xcEmqjQ0CJFipgRAsETAKDn3WWSRn/oCB2e9x5/hVgk9r0fHACfVGKa
vFZk/FEGzn9cd9fFHScSRkA=
=+l52
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007179__updated_fetchmail_packages_fix_dos_vulnerability.html)