Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:1964

Опубликовано: 10 мая 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: fetchmail security update

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so the user can read it through their favorite mail client.

Security Fix(es):

  • fetchmail: DoS or information disclosure when logging long messages (CVE-2021-36386)

  • fetchmail: STARTTLS session encryption bypassing (CVE-2021-39272)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
fetchmailx86_641.el8fetchmail-6.4.24-1.el8.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-36386
CVE-2021-39272

Ссылки на источники

Исправления

Связанные уязвимости

suse-cvrf логотип

openSUSE-SU-2021:4018-1

suse-cvrf
больше 3 лет назад

Security update for fetchmail

suse-cvrf логотип

openSUSE-SU-2021:1591-1

suse-cvrf
больше 3 лет назад

Security update for fetchmail

suse-cvrf логотип

SUSE-SU-2021:4018-1

suse-cvrf
больше 3 лет назад

Security update for fetchmail

oracle-oval логотип

ELSA-2022-1964

oracle-oval
около 3 лет назад

ELSA-2022-1964: fetchmail security update (MODERATE)

ubuntu логотип

CVE-2021-39272

CVSS3: 5.9
ubuntu
почти 4 года назад

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.