fetchmail-6.4.24-1.el8.ML.1
エラータID: AXSA:2022-3362:02
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.
Install fetchmail if you need to retrieve mail over SLIP or PPP connections.
Security Fix(es):
* fetchmail: DoS or information disclosure when logging long messages
(CVE-2021-36386)
* fetchmail: STARTTLS session encryption bypassing (CVE-2021-39272)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Additional Changes:
Update the version to 6.4.24-1.el8.ML.1.
CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits
initialization of the vsnprintf va_list argument, which might allow mail servers
to cause a denial of service or possibly have unspecified other impact via long
error messages. NOTE: it is unclear whether use of Fetchmail on any realistic
platform results in an impact beyond an inconvenience to the client user.
CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some
circumstances, such as a certain situation with IMAP and PREAUTH.
Update packages.
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
N/A
SRPMS
- fetchmail-6.4.24-1.el8.ML.1.src.rpm
MD5: c9ec11f8201d08ad6f3e4c4ce080ed16
SHA-256: 2c3210489d38aee41405a92c5bc588711716c09a5822dfa0309dd05780cecb38
Size: 1.30 MB
Asianux Server 8 for x86_64
- fetchmail-6.4.24-1.el8.ML.1.x86_64.rpm
MD5: 2e7722264f0e9566dc564e7ccc23465b
SHA-256: 86827a8e8ca36eb622972a4731f273f6abb6654f7aa145620f0194f69eca535c
Size: 602.65 kB