U radu programskog paketa Fetchmail uočen je sigurnosni propust koji udaljenom napadaču omogućuje DoS (eng. Denial of Service) napad.
Paket:
fetchmail 6.x
Operacijski sustavi:
Slackware Linux 8.1, Slackware Linux 9.0, Slackware Linux 9.1, Slackware Linux 10.0, Slackware Linux 10.1, Slackware Linux 10.2, Slackware Linux 11.0, Slackware Linux 12.0, Slackware Linux 12.1, Slackware Linux 12.2, Slackware Linux 13.0, Slackware Linux 13.1, Slackware Linux 13.37
Kritičnost:
3.7
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-1947
Izvorni ID preporuke:
SSA:2011-171-01
Izvor:
Slackware
Problem:
Sigurnosna ranjivost je posljedica pogrešnog ograničavanja vremena čekanja prilikom rukovanja "STARTTLS" i "STLS" zahtjevima.
Posljedica:
Udaljenom napadaču sigurnosni propust omogućuje napad uskraćivanjem usluge (eng. Denial of Service).
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje korištenje dostupnih programskih zakrpa.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] fetchmail (SSA:2011-171-01)
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current
to fix a security issue.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/fetchmail-6.3.20-i486-1_slack13.37.txz: Upgraded.
This release fixes a denial of service in STARTTLS protocol phases.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
http://www.fetchmail.info/fetchmail-SA-2011-01.txt
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/fetchmail-6.3.20-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/fetchmail-6.3.20-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/fetchmail-6.3.20-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/fetchmail-6.3.20-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/fetchmail-6.3.20-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/fetchmail-6.3.20-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/fetchmail-6.3.20-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/fetchmail-6.3.20-i486-1_slack12.0.tgz
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/fetchmail-6.3.20-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/fetchmail-6.3.20-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/fetchmail-6.3.20-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/fetchmail-6.3.20-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/fetchmail-6.3.20-i486-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/fetchmail-6.3.20-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/fetchmail-6.3.20-x86_64-1_slack13.1.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/fetchmail-6.3.20-x86_64-1_slack13.37.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/fetchmail-6.3.20-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/fetchmail-6.3.20-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 8.1 package:
ed020b7bf1a553e92092664a495adf17 fetchmail-6.3.20-i386-1_slack8.1.tgz
Slackware 9.0 package:
2aba52a35229d979a472d121bb7c2339 fetchmail-6.3.20-i386-1_slack9.0.tgz
Slackware 9.1 package:
d58750a18677fa0fa63efc47dd8cd4e5 fetchmail-6.3.20-i486-1_slack9.1.tgz
Slackware 10.0 package:
d9944ebd68c0300b494cd0b278b1eaec fetchmail-6.3.20-i486-1_slack10.0.tgz
Slackware 10.1 package:
5fddac4a8afdcbeba13703f94f98003f fetchmail-6.3.20-i486-1_slack10.1.tgz
Slackware 10.2 package:
8abf48200bedc5897bde83c3e9bd58a6 fetchmail-6.3.20-i486-1_slack10.2.tgz
Slackware 11.0 package:
cea9c8de9094ac4a899a6d2ba53ffcbb fetchmail-6.3.20-i486-1_slack11.0.tgz
Slackware 12.0 package:
b0558f407456fbadf58f6b3f18f87ce9 fetchmail-6.3.20-i486-1_slack12.0.tgz
Slackware 12.1 package:
e0bc2ae10534550cd862a1ff7e95b784 fetchmail-6.3.20-i486-1_slack12.1.tgz
Slackware 12.2 package:
39e2505382098cccae8ca52a835f8e36 fetchmail-6.3.20-i486-1_slack12.2.tgz
Slackware 13.0 package:
569fb0ca5a8d849eb3ca2af344737a6a fetchmail-6.3.20-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
5f913ce96a9bf2d8ac819a11f028fafe fetchmail-6.3.20-x86_64-1_slack13.0.txz
Slackware 13.1 package:
6b5e9308b587e49af7b300c99d5d6289 fetchmail-6.3.20-i486-1_slack13.1.txz
Slackware 13.37 package:
bf124b737550c50bba8cdb3312c994b3 fetchmail-6.3.20-i486-1_slack13.37.txz
Slackware x86_64 13.1 package:
ae05ca4a125ce8e69c0852bfc32ba5a0 fetchmail-6.3.20-x86_64-1_slack13.1.txz
Slackware x86_64 13.37 package:
8d85bad773a70e37933abc99156eecc8 fetchmail-6.3.20-x86_64-1_slack13.37.txz
Slackware -current package:
39b55e908cf0424d2dc36107873d46d8 n/fetchmail-6.3.20-i486-1.txz
Slackware x86_64 -current package:
45f75a0df71ec1a20eae45e955bc1068 n/fetchmail-6.3.20-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg fetchmail-6.3.20-i486-1_slack13.37.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite. with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3/dc8ACgkQakRjwEAQIjMl4QCePcA9lcwoVQ10Fk40WdUDCFki
KcAAn03ptahx0E/cO4Y30tGaZOK7Cc7t
=nYGz
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke