
Immunix alert IMNX-2003-7+-023-01 (fetchmail, fetchmailconf)

From:  Immunix Security Team <>
Subject:  Immunix Secured OS 7+ fetchmail update
Date:  Mon, 20 Oct 2003 14:51:48 -0700

-----------------------------------------------------------------------
        Immunix Secured OS Security Advisory

Packages updated:   fetchmail, fetchmailconf
Affected products:  Immunix OS 7+
Bugs fixed:         CAN-2002-1365, CAN-2003-0792, CAN-2003-0790
Date:               Fri Oct 17 2003
Advisory ID:        IMNX-2003-7+-023-01
Author:             Seth Arnold <>
-----------------------------------------------------------------------

Description:
  This update fixes several bugs in fetchmail, including a broken
  boundary condition check in the multidrop code, a header overflow that
  neglected to account for '@' signs in email addresses (CAN-2002-1365),
  a header-rewriting bug (CAN-2003-0792), and a head-reading bug
  (CAN-2003-0790; this CAN is likely to be revoked, but the patch
  appears to be nicely defensive).

  Immunix would like to thank Stefan Esser, Dave Jones, Markus Friedl,
  Nalin Dahyabhai, Mark J Cox, and Eric S. Raymond for diagnosing and
  fixing the problems.

  It is unknown if any of these problems lead to more than a Denial of
  Service attack. We do not believe StackGuard provides protection for
  any of the bugs addressed here.

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:

  A source package for Immunix 7+ is available at:

Immunix OS 7+ md5sums:
  fb8091d8401059cdc1e7f44efb2f8d5f  RPMS/fetchmail-5.9.0-10_imnx_1.i386.rpm
  b70e0a1cbd01c40a51496218d14b26f1  RPMS/fetchmailconf-5.9.0-10_imnx_1.i386.rpm
  ff1fda573b367c2ac5f81e2c4b3f2d74  SRPMS/fetchmail-5.9.0-10_imnx_1.src.rpm

GPG verification:
  Our public keys are available at

  Immunix, Inc., has changed policy with GPG keys. We maintain several
  keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
  Immunix 7.3 package signing, and 1B7456DA for general security issues.

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
  or one of the many mirrors available at:

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact
  Immunix attempts to conform to the RFP vulnerability disclosure protocol
