fetchmail-6.4.24-1.el8.ML.1
Errata ID: AXSA:2022-3362:02
Release date:
2022/07/04 Monday - 01:17
Title:
fetchmail-6.4.24-1.el8.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
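The following issues have been addressed.
[Security Fix]
- fetchmail omits initialization of an argument when calling the vsnprintf() standard library function,
a vulnerability that allows denial-of-service attacks or unspecified attacks
using long error messages. (CVE-2021-36386)
- fetchmail has a vulnerability in which STARTTLS session encryption cannot be used
in certain situations involving IMAP and PREAUTH. (CVE-2021-39272)
Solution:
Update the packages.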
CVE:
CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
Additional information:
N/A
Download:
SRPMS
- fetchmail-6.4.24-1.el8.ML.1.src.rpm
MD5: c9ec11f8201d08ad6f3e4c4ce080ed16
SHA-256: 2c3210489d38aee41405a92c5bc588711716c09a5822dfa0309dd05780cecb38
Size: 1.30 MB
Asianux Server 8 for x86_64
- fetchmail-6.4.24-1.el8.ML.1.x86_64.rpm
MD5: 2e7722264f0e9566dc564e7ccc23465b
SHA-256: 86827a8e8ca36eb622972a4731f273f6abb6654f7aa145620f0194f69eca535c
Size: 602.65 kB