Описание
Security update for fetchmail
This update for fetchmail fixes the following issues:
- CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. (bsc#1188875)
- Change PASSWORDLEN from 64 to 256 (bsc#1188034)
Список пакетов
SUSE Enterprise Storage 6
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
fetchmail-6.3.26-20.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
fetchmail-6.3.26-20.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise Server 15 SP1-BCL
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise Server 15 SP1-LTSS
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise Server 15-LTSS
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise Server for SAP Applications 15
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Manager Proxy 4.0
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Manager Retail Branch Server 4.0
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
SUSE Manager Server 4.0
fetchmail-6.3.26-20.14.1
fetchmailconf-6.3.26-20.14.1
Ссылки
- Link for SUSE-SU-2021:2791-1
- E-Mail link for SUSE-SU-2021:2791-1
- SUSE Security Ratings
- SUSE Bug 1188034
- SUSE Bug 1188875
- SUSE CVE CVE-2021-36386 page
Описание
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
Затронутые продукты
SUSE Enterprise Storage 6:fetchmail-6.3.26-20.14.1
SUSE Enterprise Storage 6:fetchmailconf-6.3.26-20.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:fetchmail-6.3.26-20.14.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:fetchmailconf-6.3.26-20.14.1
Ссылки
- CVE-2021-36386
- SUSE Bug 1188875
- SUSE Bug 1224188