From:	 Eridani Star System <linux@eridani.co.uk>
To:	 eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:016 - fetchmail
Date:	 Wed, 22 May 2002 00:10:38 +0100 (BST)

=========================================================================
		ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================

Package:	fetchmail
Summary:	IMAP buffer overflow
Date:		2002-05-22
ID:		ERISA-2002:016

=========================================================================

Problem description:

  fetchmail forms an array to contain messages retrieved from an IMAP
  server, with its size determined from what the server reports to the
  client.

  Versions of fetchmail prior to 5.9.0-9 (or source 5.9.10) did not check
  that the number of emails reported was correct, allowing a malicious
  server to cause fetchmail to exceed its buffer allocation and write
  data where it shouldn't.
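
  The class of check described above, as an added illustration that is
  not fetchmail's own code or the patch in these packages: a table is
  sized from a server-reported count, and every later write is validated
  against that allocation. The names msg_table, table_init, table_set and
  the MAX_MSGS cap are assumptions made for this example.

```c
#include <stdlib.h>

/* Hypothetical cap on the message count accepted from a server (assumption). */
#define MAX_MSGS 1000000L

struct msg_table {
    long count;   /* number of slots actually allocated */
    int *sizes;   /* one slot per message */
};

/* Size the table from the count the server reported.
 * Returns 0 on success, -1 if the count is negative, above the cap,
 * or the allocation fails. The count is never trusted as-is. */
int table_init(struct msg_table *t, long reported)
{
    t->count = 0;
    t->sizes = NULL;
    if (reported < 0 || reported > MAX_MSGS)
        return -1;
    if (reported == 0)
        return 0;                      /* empty mailbox: nothing to allocate */
    t->sizes = calloc((size_t)reported, sizeof *t->sizes);
    if (t->sizes == NULL)
        return -1;
    t->count = reported;
    return 0;
}

/* Record a size for message number num (IMAP sequence numbers start at 1).
 * num comes from a later server response, so it is checked against the
 * allocated count before the write; out-of-range numbers are rejected. */
int table_set(struct msg_table *t, long num, int size)
{
    if (t->sizes == NULL || num < 1 || num > t->count)
        return -1;
    t->sizes[num - 1] = size;
    return 0;
}

void table_free(struct msg_table *t)
{
    free(t->sizes);
    t->sizes = NULL;
    t->count = 0;
}
```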

-------------------------------------------------------------------------
Updated packages:

  6794251a813511428e5997fb944e314f  fetchmail-5.9.0-9.src.rpm

  c85fb8bcbf6b28d261397d877c89a35c  fetchmail-5.9.0-9.i386.rpm
  a107eff5bbe418011664b76ad636eea5  fetchmailconf-5.9.0-9.i386.rpm

-------------------------------------------------------------------------
References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146

=========================================================================

Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/

Packages are signed with our GNU GPG key, also on our FTP site.

Users of releases of Eridani Linux prior to 6.3 are advised to download   
the source RPM and rebuild for their system.

Copyright (C)2002 Eridani Star System

-- Michael "Soruk" McConnell                       http://www.eridani.co.uk
Eridani Linux  --  The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
