Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-816-1: fetchmail vulnerability
Posted by Bob on: 08/13/2009 12:00 AM [ Print | 0 comment(s) ]
A new fetchmail vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-816-1 August 12, 2009
fetchmail vulnerability
CVE-2009-2666
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
fetchmail 6.3.2-2ubuntu2.3
Ubuntu 8.04 LTS:
fetchmail 6.3.8-10ubuntu1.1
Ubuntu 8.10:
fetchmail 6.3.8-11ubuntu3.1
Ubuntu 9.04:
fetchmail 6.3.9~rc2-4ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Moxie Marlinspike discovered that fetchmail did not properly handle
certificates with NULL characters in the certificate name. A remote
attacker could exploit this to perform a man in the middle attack to
view sensitive information or alter encrypted communications.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3.diff.gz
Size/MD5: 191107 9d0c089074ea79db248cca36714e56cd
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3.dsc
Size/MD5: 812 68c7ce726e683390daf0199b2b646865
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2.orig.tar.gz
Size/MD5: 1522264 a661735496077232acedb82a901fa499
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.2-2ubuntu2.3_all.deb
Size/MD5: 114946 01a751405f08024ed08e0ec1b06b6213
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_amd64.deb
Size/MD5: 347012 32a3fff1c437774c2480646536b9e716
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_i386.deb
Size/MD5: 333650 0eed4e07d723dba7ca14210e80e59c7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_powerpc.deb
Size/MD5: 345698 ee714084a44f35a1c7bc9916691ccea2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_sparc.deb
Size/MD5: 339820 47b3f94dc05000e46489fddd30eea5be
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1.diff.gz
Size/MD5: 63885 e305fcae9eb86e0fce57c1e0467db13e
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1.dsc
Size/MD5: 1080 49e91c3a8ed18d928a3002279ac61caa
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8.orig.tar.gz
Size/MD5: 1691723 1b84621072b4f906b5686a4fbae0b1d7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.8-10ubuntu1.1_all.deb
Size/MD5: 63906 e40223bb9b433719091d0d9de835cc1e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_amd64.deb
Size/MD5: 385906 154e459bf59e28a44750bd392ddd2ca9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_i386.deb
Size/MD5: 373120 dcb601f22e56bf36f2104b359fbc1c9d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_lpia.deb
Size/MD5: 373342 f1a37e39a5dc46fdeb25ece934faff56
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_powerpc.deb
Size/MD5: 388680 2f669c26bd5093201815241caae577a0
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_sparc.deb
Size/MD5: 377326 b8f0ba3a4ac9513ff931cb9e9ddeed0c
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1.diff.gz
Size/MD5: 65008 ae5fa277a18f59b0e2af5119b21cc962
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1.dsc
Size/MD5: 1488 c2dbe38ccbcdcb60260fefd9fcc47608
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8.orig.tar.gz
Size/MD5: 1691723 1b84621072b4f906b5686a4fbae0b1d7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.8-11ubuntu3.1_all.deb
Size/MD5: 64354 2b0529ffa107f1622b7b559dbcea19f3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_amd64.deb
Size/MD5: 387888 93842d6ea6f4544b58976d6b7329b65c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_i386.deb
Size/MD5: 373930 968ae9e9dac23d81c6d63eac91590a49
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_lpia.deb
Size/MD5: 373726 a12e3bf5a1b691e2435f8b91b028b3d2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_powerpc.deb
Size/MD5: 388470 d7da47c31d27d3edbb5c8e2b0b308909
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_sparc.deb
Size/MD5: 380018 b4015f4a8b8e67c1b62231033b736bba
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1.diff.gz
Size/MD5: 49605 3bbf57ecf060a6254b71bc73b46c429e
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1.dsc
Size/MD5: 1505 3d4d55b89631a10be608739db0488d00
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2.orig.tar.gz
Size/MD5: 1711087 200ece6f73ac28ccda7aea42ea4e492d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.9~rc2-4ubuntu1.1_all.deb
Size/MD5: 64940 68cf588634d7ab15120f0fc73f8cbb73
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_amd64.deb
Size/MD5: 391020 40816e1ae515f598756b55ec23c38cf6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_i386.deb
Size/MD5: 377636 70682ec1fbf0fc1692f83c15bdf593e7
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_lpia.deb
Size/MD5: 377928 986f144b2162feb7664b9f5c39047035
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_powerpc.deb
Size/MD5: 391402 d69de1a36758e6b35d46e7283f555b61
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_sparc.deb
Size/MD5: 384332 eabd08fec6c574ad615e0dd38c0961e6
--54ZiyWcDhi/7bWb8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAkqDSJwACgkQH/9LqRcGPm34VwCbBQkyKwnwuH4lHzt4pY8BkwLs
JN8AoJIzBPS+dXdCpih7fzNrnIYPN3VS
=0uNc
-----END PGP SIGNATURE-----
fetchmail vulnerability
CVE-2009-2666
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
fetchmail 6.3.2-2ubuntu2.3
Ubuntu 8.04 LTS:
fetchmail 6.3.8-10ubuntu1.1
Ubuntu 8.10:
fetchmail 6.3.8-11ubuntu3.1
Ubuntu 9.04:
fetchmail 6.3.9~rc2-4ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Moxie Marlinspike discovered that fetchmail did not properly handle
certificates with NULL characters in the certificate name. A remote
attacker could exploit this to perform a man in the middle attack to
view sensitive information or alter encrypted communications.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3.diff.gz
Size/MD5: 191107 9d0c089074ea79db248cca36714e56cd
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3.dsc
Size/MD5: 812 68c7ce726e683390daf0199b2b646865
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2.orig.tar.gz
Size/MD5: 1522264 a661735496077232acedb82a901fa499
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.2-2ubuntu2.3_all.deb
Size/MD5: 114946 01a751405f08024ed08e0ec1b06b6213
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_amd64.deb
Size/MD5: 347012 32a3fff1c437774c2480646536b9e716
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_i386.deb
Size/MD5: 333650 0eed4e07d723dba7ca14210e80e59c7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_powerpc.deb
Size/MD5: 345698 ee714084a44f35a1c7bc9916691ccea2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.2-2ubuntu2.3_sparc.deb
Size/MD5: 339820 47b3f94dc05000e46489fddd30eea5be
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1.diff.gz
Size/MD5: 63885 e305fcae9eb86e0fce57c1e0467db13e
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1.dsc
Size/MD5: 1080 49e91c3a8ed18d928a3002279ac61caa
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8.orig.tar.gz
Size/MD5: 1691723 1b84621072b4f906b5686a4fbae0b1d7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.8-10ubuntu1.1_all.deb
Size/MD5: 63906 e40223bb9b433719091d0d9de835cc1e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_amd64.deb
Size/MD5: 385906 154e459bf59e28a44750bd392ddd2ca9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_i386.deb
Size/MD5: 373120 dcb601f22e56bf36f2104b359fbc1c9d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_lpia.deb
Size/MD5: 373342 f1a37e39a5dc46fdeb25ece934faff56
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_powerpc.deb
Size/MD5: 388680 2f669c26bd5093201815241caae577a0
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-10ubuntu1.1_sparc.deb
Size/MD5: 377326 b8f0ba3a4ac9513ff931cb9e9ddeed0c
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1.diff.gz
Size/MD5: 65008 ae5fa277a18f59b0e2af5119b21cc962
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1.dsc
Size/MD5: 1488 c2dbe38ccbcdcb60260fefd9fcc47608
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8.orig.tar.gz
Size/MD5: 1691723 1b84621072b4f906b5686a4fbae0b1d7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.8-11ubuntu3.1_all.deb
Size/MD5: 64354 2b0529ffa107f1622b7b559dbcea19f3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_amd64.deb
Size/MD5: 387888 93842d6ea6f4544b58976d6b7329b65c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_i386.deb
Size/MD5: 373930 968ae9e9dac23d81c6d63eac91590a49
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_lpia.deb
Size/MD5: 373726 a12e3bf5a1b691e2435f8b91b028b3d2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_powerpc.deb
Size/MD5: 388470 d7da47c31d27d3edbb5c8e2b0b308909
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.8-11ubuntu3.1_sparc.deb
Size/MD5: 380018 b4015f4a8b8e67c1b62231033b736bba
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1.diff.gz
Size/MD5: 49605 3bbf57ecf060a6254b71bc73b46c429e
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1.dsc
Size/MD5: 1505 3d4d55b89631a10be608739db0488d00
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2.orig.tar.gz
Size/MD5: 1711087 200ece6f73ac28ccda7aea42ea4e492d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/fetchmail/fetchmailconf_6.3.9~rc2-4ubuntu1.1_all.deb
Size/MD5: 64940 68cf588634d7ab15120f0fc73f8cbb73
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_amd64.deb
Size/MD5: 391020 40816e1ae515f598756b55ec23c38cf6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_i386.deb
Size/MD5: 377636 70682ec1fbf0fc1692f83c15bdf593e7
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_lpia.deb
Size/MD5: 377928 986f144b2162feb7664b9f5c39047035
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_powerpc.deb
Size/MD5: 391402 d69de1a36758e6b35d46e7283f555b61
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/fetchmail/fetchmail_6.3.9~rc2-4ubuntu1.1_sparc.deb
Size/MD5: 384332 eabd08fec6c574ad615e0dd38c0961e6
--54ZiyWcDhi/7bWb8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAkqDSJwACgkQH/9LqRcGPm34VwCbBQkyKwnwuH4lHzt4pY8BkwLs
JN8AoJIzBPS+dXdCpih7fzNrnIYPN3VS
=0uNc
-----END PGP SIGNATURE-----
