Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:4018-1

Опубликовано: 14 дек. 2021
Источник: suse-cvrf

Описание

Security update for fetchmail

This update for fetchmail fixes the following issues:

  • CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875).

  • CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069).

  • Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059)

  • Remove all python2 dependencies (bsc#1190896).

  • De-hardcode /usr/lib path for launch executable (bsc#1174075).

  • Added hardening to systemd service(s) (bsc#1181400).

Список пакетов

SUSE Enterprise Storage 6
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise Server 15 SP1-BCL
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise Server 15 SP1-LTSS
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise Server 15-LTSS
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise Server for SAP Applications 15
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
fetchmail-6.4.22-20.20.1
fetchmailconf-6.4.22-20.20.1

Ссылки

Описание

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

Затронутые продукты
SUSE Enterprise Storage 6:fetchmail-6.4.22-20.20.1
SUSE Enterprise Storage 6:fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:fetchmailconf-6.4.22-20.20.1
Ссылки

Описание

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

Затронутые продукты
SUSE Enterprise Storage 6:fetchmail-6.4.22-20.20.1
SUSE Enterprise Storage 6:fetchmailconf-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:fetchmail-6.4.22-20.20.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:fetchmailconf-6.4.22-20.20.1
Ссылки
Уязвимость SUSE-SU-2021:4018-1