Description
Security update for fetchmail
This update for fetchmail fixes the following issues:
- CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875).
- CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069).
- Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059)
- Remove all python2 dependencies (bsc#1190896).
- De-hardcode /usr/lib path for launch executable (bsc#1174075).
- Added hardening to systemd service(s) (bsc#1181400).
Package list
openSUSE Leap 15.3
References
- E-Mail link for openSUSE-SU-2021:4018-1
- SUSE Security Ratings
- SUSE Bug 1152964
- SUSE Bug 1174075
- SUSE Bug 1181400
- SUSE Bug 1188875
- SUSE Bug 1190069
- SUSE Bug 1190896
- SUSE CVE CVE-2021-36386 page
- SUSE CVE CVE-2021-39272 page
Description
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.
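The bug class described above, shown as an added example that is not fetchmail's code: a formatter that grows its buffer and retries must give vsnprintf a freshly initialized va_list on every attempt, which matters exactly when a long message forces a second pass. The function names and the grow-and-retry shape are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not fetchmail's report_vbuild): format into a heap
 * buffer, growing it until the whole message fits. Returns a malloc'd
 * string the caller frees, or NULL on allocation or format failure. */
char *format_grow_v(size_t initial, const char *fmt, va_list ap)
{
    size_t size = initial ? initial : 1;
    char *buf = malloc(size);
    if (!buf)
        return NULL;

    for (;;) {
        va_list attempt;
        int n;

        /* vsnprintf leaves the va_list it was given indeterminate.
         * Passing the same list again on a retry is undefined behaviour,
         * so every pass works on its own copy of the caller's list. */
        va_copy(attempt, ap);
        n = vsnprintf(buf, size, fmt, attempt);
        va_end(attempt);

        if (n < 0) { free(buf); return NULL; }
        if ((size_t)n < size)
            return buf;               /* fits, including the NUL */

        size = (size_t)n + 1;         /* exact size for the retry */
        char *tmp = realloc(buf, size);
        if (!tmp) { free(buf); return NULL; }
        buf = tmp;
    }
}

/* Variadic front end: initializes and releases the list exactly once. */
char *format_grow(size_t initial, const char *fmt, ...)
{
    va_list ap;
    char *out;
    va_start(ap, fmt);
    out = format_grow_v(initial, fmt, ap);
    va_end(ap);
    return out;
}
```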
Affected products
References
- CVE-2021-36386
- SUSE Bug 1188875
- SUSE Bug 1224188
Description
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
Affected products
References
- CVE-2021-39272
- SUSE Bug 1190069