
Bugtraq mailing list archives
[RHSA-2002:047-10] Updated fetchmail packages available
From: bugzilla () redhat com
Date: Tue, 21 May 2002 09:16 -0400
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated fetchmail packages available
Advisory ID:       RHSA-2002:047-10
Issue date:        2002-03-11
Updated on:        2002-05-20
Product:           Red Hat Linux
Keywords:          fetchmail bounds
Cross references:
Obsoletes:         RHSA-2001:103
CVE Names:         CAN-2002-0146
---------------------------------------------------------------------

1. Topic:

Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1,
7.2, and 7.3 which close a remotely-exploitable vulnerability in unpatched
versions of fetchmail prior to 5.9.10.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386

3. Problem description:

When retrieving mail from an IMAP server, the fetchmail e-mail client will
allocate an array to store the sizes of the messages which
it will attempt to fetch. The size of the array is determined by the
number of messages that the server claims to have. Unpatched versions of
fetchmail prior to 5.9.10 did not check whether the number of e-mails the
server claimed was too high, allowing a malicious server to cause the
fetchmail process to write data outside of the array bounds.

Users of fetchmail are advised to upgrade to this errata package which is
not vulnerable to this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0146 to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/fetchmail-5.9.0-9.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/fetchmail-5.9.0-9.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/fetchmailconf-5.9.0-9.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/fetchmail-5.9.0-9.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/fetchmailconf-5.9.0-9.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/fetchmail-5.9.0-9.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/fetchmailconf-5.9.0-9.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/fetchmail-5.9.0-10.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/fetchmail-5.9.0-10.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/fetchmailconf-5.9.0-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/fetchmail-5.9.0-10.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/fetchmailconf-5.9.0-10.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/fetchmail-5.9.0-10.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/fetchmail-5.9.0-10.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/fetchmailconf-5.9.0-10.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/fetchmail-5.9.0-10.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/fetchmailconf-5.9.0-10.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/fetchmail-5.9.0-10.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/fetchmailconf-5.9.0-10.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/fetchmail-5.9.0-11.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/fetchmail-5.9.0-11.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/fetchmailconf-5.9.0-11.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/fetchmail-5.9.0-11.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/fetchmailconf-5.9.0-11.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/fetchmail-5.9.0-11.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/fetchmail-5.9.0-11.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/fetchmailconf-5.9.0-11.i386.rpm

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:

    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

8. References:

http://tuxedo.org/~esr/fetchmail/NEWS
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
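The class of check described under "3. Problem description", as an added example that is not part of the advisory and is not fetchmail's own code: a server-claimed message count is validated before the size array is allocated, and every index is checked before a write. The function names, the MAX_MSGS cap and the sample response lines are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MSGS 1000000L /* assumed local policy cap, not a fetchmail constant */
/* Parse "* <n> EXISTS" (CRLF already stripped); 0 on success, -1 on reject. */
int parse_exists(const char *line, long *count)
{
    char *end;
    if (strncmp(line, "* ", 2) != 0 || line[2] < '0' || line[2] > '9')
        return -1;                     /* no sign, no leading whitespace */
    errno = 0;
    long n = strtol(line + 2, &end, 10);
    if (errno == ERANGE || strcmp(end, " EXISTS") != 0)
        return -1;                     /* out of range or trailing junk */
    *count = n;
    return 0;
}

/* Allocate the size table only when the claimed count is plausible. */
int *alloc_sizes(long count)
{
    if (count < 0 || count > MAX_MSGS)
        return NULL;                   /* server claim too high: refuse */
    if ((size_t)count > (size_t)-1 / sizeof(int))
        return NULL;                   /* count * sizeof(int) would wrap */
    return calloc(count ? (size_t)count : 1, sizeof(int));
}

/* Record one message size; msgnum is 1-based and also server-supplied. */
int store_size(int *sizes, long count, long msgnum, int size)
{
    if (msgnum < 1 || msgnum > count)
        return -1;                     /* write would fall outside the array */
    sizes[msgnum - 1] = size;
    return 0;
}

int main(void)
{
    const char *lines[] = { "* 3 EXISTS", "* 4294967297 EXISTS", "* -1 EXISTS" };
    for (size_t i = 0; i < 3; i++) {   /* constructed sample responses */
        long n;
        int *t = parse_exists(lines[i], &n) == 0 ? alloc_sizes(n) : NULL;
        printf("%-22s -> %s\n", lines[i], t ? "accepted" : "rejected");
        free(t);
    }
    return 0;
}
```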
