A flaw has been discovered in the fetchmail software package that can be exploited to carry out a remote denial-of-service (DoS) attack.
Package: | fetchmail 6.x |
Operating systems: | Fedora 13, Fedora 14, Fedora 15 |
Severity: | 3.7 |
Problem: | error in a software component |
Exploitation: | remote |
Impact: | denial of service (DoS) |
Solution: | vendor patch |
CVE: | CVE-2011-1947 |
Original advisory ID: | FEDORA-2011-8011 |
Source: | Fedora |
Problem:
The flaw is caused by an incorrectly set timeout after a STARTTLS or STLS request is issued.

Impact:
Remote, malicious users can exploit the flaw to carry out DoS attacks.

Solution:
All users are advised to apply the appropriate software updates.
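The hang class named in the referenced bug (unguarded blocking I/O during STARTTLS/STLS initialization) is avoided when every read in that phase runs under a deadline. The C code below is an added example, not fetchmail's code or its patch; `read_line_deadline`, `demo_silent_peer` and the sample reply line are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <time.h>
#include <unistd.h>
enum { RL_TIMEOUT = -2, RL_ERROR = -1 };

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Line length (CRLF stripped), RL_TIMEOUT if the peer stalls, else RL_ERROR. */
int read_line_deadline(int fd, char *buf, size_t cap, int timeout_ms) {
    long deadline = now_ms() + timeout_ms;   /* one deadline for the whole line */
    size_t n = 0;
    while (n + 1 < cap) {
        long left = deadline - now_ms();
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = left > 0 ? poll(&p, 1, (int)left) : 0;
        if (r == 0)
            return RL_TIMEOUT;          /* silent or trickling peer */
        if (r < 0 && errno == EINTR)
            continue;
        /* Byte-wise: data after the reply line is TLS handshake, leave it. */
        if (r < 0 || read(fd, buf + n, 1) <= 0)
            return RL_ERROR;
        if (buf[n++] == '\n') {
            n -= (n >= 2 && buf[n - 2] == '\r') ? 2 : 1;
            buf[n] = '\0';
            return (int)n;
        }
    }
    return RL_ERROR;                    /* line longer than the buffer */
}

/* Constructed scenario over a pipe: peer accepts STLS, then goes silent. */
int demo_silent_peer(int timeout_ms, int *reply_len) {
    static const char ok[] = "+OK Begin TLS negotiation\r\n";
    char line[64];
    int fds[2], r;
    if (pipe(fds) != 0 || write(fds[1], ok, sizeof ok - 1) < 0)
        return RL_ERROR;
    *reply_len = read_line_deadline(fds[0], line, sizeof line, timeout_ms);
    r = read_line_deadline(fds[0], line, sizeof line, timeout_ms);
    close(fds[0]);
    close(fds[1]);
    return r;
}
```

The same deadline has to cover the TLS handshake that follows the reply line, otherwise the wait simply moves one step later.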
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8011
2011-06-08 23:32:49
--------------------------------------------------------------------------------
Name : fetchmail
Product : Fedora 15
Version : 6.3.20
Release : 1.fc15
URL : http://fetchmail.berlios.de/
Summary : A remote mail retrieval and forwarding utility
Description :
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.
Install fetchmail if you need to retrieve mail over SLIP or PPP
connections.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2011-1947.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Vitezslav Crhonek - 6.3.20-1
- Update to fetchmail-6.3.20
* Thu Jun 2 2011 Vitezslav Crhonek - 6.3.19-5
- Fix CVE-2011-1947
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709284 - CVE-2011-1947 fetchmail: Application hang due unguarded
blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01)
https://bugzilla.redhat.com/show_bug.cgi?id=709284
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update fetchmail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8021
2011-06-08 23:33:12
--------------------------------------------------------------------------------
Name : fetchmail
Product : Fedora 14
Version : 6.3.20
Release : 1.fc14
URL : http://fetchmail.berlios.de/
Summary : A remote mail retrieval and forwarding utility
Description :
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.
Install fetchmail if you need to retrieve mail over SLIP or PPP
connections.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2011-1947.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Vitezslav Crhonek - 6.3.20-1
- Update to fetchmail-6.3.20
* Mon Mar 7 2011 Vitezslav Crhonek - 6.3.17-3
- Remove server(smtp) dependency
* Wed Feb 9 2011 Vitezslav Crhonek - 6.3.17-2
- Disable /usr/bin/procmail fallback
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709284 - CVE-2011-1947 fetchmail: Application hang due unguarded
blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01)
https://bugzilla.redhat.com/show_bug.cgi?id=709284
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update fetchmail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8059
2011-06-08 23:34:40
--------------------------------------------------------------------------------
Name : fetchmail
Product : Fedora 13
Version : 6.3.20
Release : 1.fc13
URL : http://fetchmail.berlios.de/
Summary : A remote mail retrieval and forwarding utility
Description :
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.
Install fetchmail if you need to retrieve mail over SLIP or PPP
connections.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2011-1947.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 7 2011 Vitezslav Crhonek - 6.3.20-1
- Update to fetchmail-6.3.20
* Tue May 25 2010 Vitezslav Crhonek - 6.3.17-1
- Update to fetchmail-6.3.17
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709284 - CVE-2011-1947 fetchmail: Application hang due unguarded
blocking I/O in IMAP/POP3 STARTTLS initialization (fetchmail-SA-2011-01)
https://bugzilla.redhat.com/show_bug.cgi?id=709284
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update fetchmail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys