PLDSA [4-1] New fetchmail packages fix buffer overflow

Krzysiek Taraszka dzimi at pld.org.pl
Sat Jan 4 13:20:02 CET 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 4-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
22 December 2002 			http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : fetchmail prior to 6.1.2-2		
Vulnerability  : buffer overflow
Problem-Type   : remote
PLD-specific   : no
Upstream URL   : http://security.e-matters.de/advisories/052002.html

Stefan Esser discovered another buffer overflow in fetchmail, reachable in
the default configuration. This heap overflow can be triggered by a remote
attacker who can get fetchmail to process crafted input (for instance through
mail that it retrieves) to crash fetchmail or to execute arbitrary code with
the privileges of the user running fetchmail. If fetchmail is run as root,
this allows a remote root compromise.

This problem has been fixed in version 6.2.0-1 for the current stable
distribution (ra).

We recommend that you upgrade your fetchmail packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the packages from the referenced file(s)

If you are using the "poldek" package manager, use the commands given below
to upgrade the packages

poldek --update
        will update the internal database
poldek --upgrade 'fetchmail*'
        will install corrected packages

If you are using the "apt" package manager, use the commands given below
to upgrade the packages

apt-get update
        will update the internal database
apt-get upgrade
        will install the corrected packages together with any other pending
        updates (apt-get upgrade takes no package arguments; to upgrade only
        the installed fetchmail packages, name them with apt-get install)

PLD Linux 1.0 alias ra
----------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/fetchmail-6.2.0-1.src.rpm
       MD5 checksum: f55bc41db865bd84ec715bc9d7691738

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/fetchmail-6.2.0-1.i386.rpm
       MD5 checksum: b01670f48a2931ebee3e7f54943d3a6a

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/fetchmail-daemon-6.2.0-1.i386.rpm
       MD5 checksum: 882f18388cd0702450f8f57d76ed31c0

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/fetchmailconf-6.2.0-1.i386.rpm
       MD5 checksum: f07b119e641528a65b24d1f27fae2a65


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/fetchmail-6.2.0-1.i586.rpm
       MD5 checksum: 6dd441b245604f86c41eeb15fa717ece

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/fetchmail-daemon-6.2.0-1.i586.rpm
       MD5 checksum: 4413c5a0da0adf5379c505b1fd1d6a00

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/fetchmailconf-6.2.0-1.i586.rpm
       MD5 checksum: 2e653227e2f6da04eefd0b151432dc54


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/fetchmail-6.2.0-1.i686.rpm
       MD5 checksum: 752df5229bd5b7cfa3cc7d88ea5e461c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/fetchmail-daemon-6.2.0-1.i686.rpm
       MD5 checksum: 5c03b7c4383e792a45fced4dbdd5d0b0

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/fetchmailconf-6.2.0-1.i686.rpm
       MD5 checksum: 947769056a593572a7dc87f32c421802


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/fetchmail-6.2.0-1.ppc.rpm
       MD5 checksum: e3c93e286fb52b93b97fda1908a3b612

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/fetchmail-daemon-6.2.0-1.ppc.rpm
       MD5 checksum: eb77792c0a9596e8075f160dc51eaf0e

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/fetchmailconf-6.2.0-1.ppc.rpm
       MD5 checksum: 9e3a8aba300304704dccfa77cd4dd8fe

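The wget / checksum / rpm -Uhv steps above, as one script (an added example,
not part of this advisory or of PLD's tooling): it fetches the i686 packages
with the URLs and MD5 sums listed in this advisory, refuses to install
anything if even one file does not match, and only then hands the set to rpm.
The function names, the --upgrade flag and the temporary file handling are
this example's own; the URLs and sums are copied from the i686 section.

```shell
#!/bin/sh
# Added example (not part of the PLD advisory): download the i686 update
# packages, check every one against the MD5 sum printed in the advisory,
# and only hand them to rpm once all of them match. A single mismatch or
# missing file aborts before anything is installed.

# verify_md5 FILE EXPECTED_MD5: exit 0 if the file's MD5 matches.
# md5sum prints "<hash>  <name>", so the first field is the hash.
verify_md5() {
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# verify_list LIST: LIST holds lines of "<file> <md5>". Every file must
# exist and match. Each failure is reported on stderr and the function
# returns 1, so the caller can refuse to install the whole set.
verify_list() {
    rc=0
    while read -r file sum; do
        [ -n "$file" ] || continue
        if [ ! -f "$file" ]; then
            echo "missing: $file" >&2
            rc=1
        elif ! verify_md5 "$file" "$sum"; then
            echo "MD5 mismatch: $file" >&2
            rc=1
        fi
    done <<EOF
$1
EOF
    return $rc
}

# Package list copied from the advisory's i686 section. For another
# architecture, swap in the URLs and sums of the matching section.
I686_PACKAGES='
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/fetchmail-6.2.0-1.i686.rpm 752df5229bd5b7cfa3cc7d88ea5e461c
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/fetchmail-daemon-6.2.0-1.i686.rpm 5c03b7c4383e792a45fced4dbdd5d0b0
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/fetchmailconf-6.2.0-1.i686.rpm 947769056a593572a7dc87f32c421802
'

# Download each package (wget -c resumes partial files) and print the
# "<localfile> <md5>" list that verify_list expects. wget's own output
# is sent to stderr so only the list reaches stdout.
fetch_all() {
    printf '%s\n' "$I686_PACKAGES" | while read -r url sum; do
        [ -n "$url" ] || continue
        wget -c "$url" >&2 || exit 1
        printf '%s %s\n' "${url##*/}" "$sum"
    done
}

# Fetch, verify, and install; stops at the first failing stage.
upgrade() {
    local_list=$(fetch_all) || exit 1
    verify_list "$local_list" || { echo "refusing to install" >&2; exit 1; }
    # The file names come from the advisory URLs and contain no spaces.
    rpm -Uhv $(printf '%s\n' "$local_list" | cut -d' ' -f1)
}

# Only act when explicitly asked, so the functions can also be sourced.
if [ "${1:-}" = "--upgrade" ]; then
    upgrade
fi
```

Run it as `sh fetchmail-update.sh --upgrade` as root. Note what the check buys
you: the MD5 sum catches a corrupt or truncated download, not a hostile
mirror, because the sums and the packages travel over the same
unauthenticated FTP and MD5 is not collision-resistant. If the PLD signing
key is in the rpm keyring, `rpm --checksig file.rpm` gives the stronger check.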

--------------------------------------------------------------------------------
If you are using poldek, add the line for your architecture to poldek.conf.
If you are using apt-get, add the line for your architecture to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
