USN-233-1: fetchmail vulnerability
Posted on: 01/02/2006 08:52 PM

A new fetchmail vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-233-1 January 02, 2006
fetchmail vulnerability
CVE-2005-4348
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

fetchmail

The problem can be corrected by upgrading the affected package to
version 6.2.5-8ubuntu2.3 (for Ubuntu 4.10), 6.2.5-12ubuntu1.3 (for
Ubuntu 5.04), or 6.2.5-13ubuntu3.2 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Steve Fosdick discovered a remote Denial of Service vulnerability in
fetchmail. When using fetchmail in 'multidrop' mode, a malicious email
server could cause a crash by sending an email without any headers.
Since fetchmail is commonly called automatically (with cron, for
example), this crash could go unnoticed.


Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.3.diff.gz
Size/MD5: 151315 a832d3536f810689cfb51904577afe31
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.3.dsc
Size/MD5: 656 90dd7402e4cec15abe0bf45e6c274503
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmail-ssl_6.2.5-12ubuntu1.3_all.deb
Size/MD5: 42434 a7ef705546ce8f4e603075f39a6dde4b
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-12ubuntu1.3_all.deb
Size/MD5: 101538 389cd71986280ab56fcbba0e404604f6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.3_amd64.deb
Size/MD5: 297028 067506bbeffaadd42306539a4997e370

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.3_i386.deb
Size/MD5: 286240 d5c068f89b48562716e016450e2248df

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-12ubuntu1.3_powerpc.deb
Size/MD5: 296246 544f5b58795c986c7a252cc2e2a8727f

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.3.diff.gz
Size/MD5: 137257 f0ceaf752282a062c999b384b8b7ff55
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.3.dsc
Size/MD5: 639 85458cbf69ba7f067527d80ac7ceb4b3
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-8ubuntu2.3_all.deb
Size/MD5: 101674 8a30c5316f2ea1fcce14b3c36ba370bf

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.3_amd64.deb
Size/MD5: 555760 8d4672ed29e7dbe60d9a4f473158aa61

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.3_i386.deb
Size/MD5: 546362 0cbed65c2404592f5e1bd055574fe53b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-8ubuntu2.3_powerpc.deb
Size/MD5: 556200 3927a92d2deba7534c5a67bbdecc77fc

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.2.diff.gz
Size/MD5: 131595 f8ee0c74b53ffb107a8f9b8d9ded75d1
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.2.dsc
Size/MD5: 830 64e499d812a87ad755bcd32b352f2b00
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
Size/MD5: 1257376 9956b30139edaa4f5f77c4d0dbd80225

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmail-ssl_6.2.5-13ubuntu3.2_all.deb
Size/MD5: 42940 7a6644925b26ac82e571c8a191df1d3e
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.2.5-13ubuntu3.2_all.deb
Size/MD5: 102024 36fe4801b83466c7b4aad98fd64505b7

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.2_amd64.deb
Size/MD5: 299512 5b3da4915bcff58587ba8d7f8262a09c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.2_i386.deb
Size/MD5: 286284 bd2eb14e845caaec8f157c5591e7ee5e

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.2.5-13ubuntu3.2_powerpc.deb
Size/MD5: 297134 9b60cdcc559a884589943c136359b336

--hK8Uo4Yp55NZU70L
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDuXITDecnbV4Fd/IRAi8UAJ90Jm7JK30w/ClbFs10w4JM1S8RrwCgpxJN
13H7D+PpyAWO5ke1a4ZKMTY=
=2hjO
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_233_1_fetchmail_vulnerability.html)