From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:016 - fetchmail
Date: Wed, 22 May 2002 00:10:38 +0100 (BST)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: fetchmail
Summary: IMAP buffer overflow
Date: 2002-05-22
ID: ERISA-2002:016
=========================================================================
Problem description:
fetchmail forms an array to contain messages retrieved from an IMAP
server, determined from what the server reports to the client.
Versions of fetchmail prior to 5.9.0-9 (or source 5.9.10) did not check
that the number of emails reported was incorrect, allowing a malicious
server to cause fetchmail to exceed its buffer allocation and write
data where it shouldn't.
-------------------------------------------------------------------------
Updated packages:
6794251a813511428e5997fb944e314f fetchmail-5.9.0-9.src.rpm
c85fb8bcbf6b28d261397d877c89a35c fetchmail-5.9.0-9.i386.rpm
a107eff5bbe418011664b76ad636eea5 fetchmailconf-5.9.0-9.i386.rpm
-------------------------------------------------------------------------
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.