-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 216-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
December 24th, 2002 http://www.debian.org/security/faq
- --
Package: fetchmail
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Id : CAN-2002-1365 (confirmed)
Stefan Esser of e-matters discovered a buffer overflow in fetchmail,
an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When
fetchmail retrieves a mail all headers that contain addresses are
searched for local addresses. If a hostname is missing, fetchmail
appends it but doesn't reserve enough space for it. This heap
overflow can be used by remote attackers to crash it or to execute
arbitrary code with the privileges of the user running fetchmail.
For the current stable distribution (woody) this problem has been
fixed in version 5.9.11-6.2 of fetchmail and fetchmail-ssl.
For the old stable distribution (potato) this problem has been fixed
in version 5.3.3-4.3.
For the current unstable distribution (sid) this problem has been
fixed in version 6.2.0-1 of fetchmail and fetchmail-ssl.
We recommend that you upgrade your fetchmail packages.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- -
Source archives:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3.dsc
Size/MD5 checksum: 566 a1903624c0ec3bd32511423932643072
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3.diff.gz
Size/MD5 checksum:27949 ba53d0ca7f33019f8aa377359adf1212
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3.orig.tar.gz
Size/MD5 checksum: 755731 d2cffc4594ec2d36db6681b800f25e2a
Architecture independent components:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.3.3-4.3_all.deb
Size/MD5 checksum:63344 eeb78fb002b7cec35d21f782123638c5
Alpha architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_alpha.deb
Size/MD5 checksum: 371692 f59ce881bc67072165a43c935d1c555b
ARM architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_arm.deb
Size/MD5 checksum: 349562 7f3512eed908f266268a5c92be1d2fd8
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_i386.deb
Size/MD5 checksum: 342328 51380d2821f2837a7aaf3f14850fce83
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_m68k.deb
Size/MD5 checksum: 336626 0fc917ae77fae36202be9db505de495e
PowerPC architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_powerpc.deb
Size/MD5 checksum: 350320 e3d5dbe15acefa05a6c7cbfdada1bf2a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_sparc.deb
Size/MD5 checksum: 328084 1f5bc0689d1c1c86f81d022a53e9cff9
Debian GNU/Linux 3.0 alias woody
-
Source archives:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2.dsc
Size/MD5 checksum: 712 7dd3621fe339460971cc328484b0e279
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2.diff.gz
Size/MD5 checksum: 300336 7503a6bbf5020b118c0061586e16822a
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz
Size/MD5 checksum: 950273 fff00cbf7be1d01a17605fee23ac96dd
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2.dsc
Size/MD5 checksum: 707 69a8e2fa290af062b9740943d26df507
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2.diff.gz
Size/MD5 checksum: 296112 e4ecdeddc8bffa9a54f386ab449485fe
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11.orig.tar.gz
Size/MD5 checksum: 950273 fff00cbf7be1d01a17605fee23ac96dd
Architecture independent components:
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-common_5.9.11-6.2_all.deb
Size/MD5 checksum: 165338 fd022003903f569d077e36faf5ad2a21