Описание
Security update for fetchmail
This update for fetchmail fixes the following issues:
- CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988).
Список пакетов
SUSE Linux Enterprise Desktop 11 SP4
fetchmail-6.3.8.90-13.20.21.1
SUSE Linux Enterprise Server 11 SP4
fetchmail-6.3.8.90-13.20.21.1
fetchmailconf-6.3.8.90-13.20.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
fetchmail-6.3.8.90-13.20.21.1
fetchmailconf-6.3.8.90-13.20.21.1
Ссылки
- Link for SUSE-SU-2016:0872-1
- E-Mail link for SUSE-SU-2016:0872-1
- SUSE Security Ratings
- SUSE Bug 775988
- SUSE CVE CVE-2012-3482 page
Описание
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:fetchmail-6.3.8.90-13.20.21.1
SUSE Linux Enterprise Server 11 SP4:fetchmail-6.3.8.90-13.20.21.1
SUSE Linux Enterprise Server 11 SP4:fetchmailconf-6.3.8.90-13.20.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:fetchmail-6.3.8.90-13.20.21.1
Ссылки
- CVE-2012-3482
- SUSE Bug 775988