fetchmailSecurity update for fetchmailSecurity update for fetchmailThree security issues have been fixed in fetchmail:
CVE-2005-4348: fetchmail when configured for multidrop
mode, allows remote attackers to cause a denial of service
(application crash) by sending messages without headers
from upstream mail servers.
CVE-2006-5867: fetchmail did not properly enforce TLS and
may transmit cleartext passwords over unsecured links if
certain circumstances occur, which allows remote attackers
to obtain sensitive information via man-in-the-middle
(MITM) attacks.
CVE-2006-5974: fetchmail when refusing a message delivered
via the mda option, allowed remote attackers to cause a
denial of service (crash) via unknown vectors that trigger
a NULL pointer dereference when calling the ferror or
fflush functions.
Three security issues have been fixed in fetchmail:
CVE-2005-4348: fetchmail when configured for multidrop
mode, allows remote attackers to cause a denial of service
(application crash) by sending messages without headers
from upstream mail servers.
CVE-2006-5867: fetchmail did not properly enforce TLS and
may transmit cleartext passwords over unsecured links if
certain circumstances occur, which allows remote attackers
to obtain sensitive information via man-in-the-middle
(MITM) attacks.
CVE-2006-5974: fetchmail when refusing a message delivered
via the mda option, allowed remote attackers to cause a
denial of service (crash) via unknown vectors that trigger
a NULL pointer dereference when calling the ferror or
fflush functions.
securityfetchmaili586155606e112ad98e3d79ad33ade9ca5ea0452ac09