Wednesday, 22 Feb 2012
[sflack-security]  fetchmail (SFSA:2007-024-01)

Following slackware-security, new fetchmail packages are
available for Sflack 11.0 to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
2007-01-25 patches/packages/fetchmail-6.3.6-x86_64-1_sflack11.0.tgz:

* Upgraded to fetchmail-6.3.6. This fixes two security issues.
First, a bug introduced in fetchmail-6.3.5 could cause fetchmail
to crash. However, no stable version of Slackware ever shipped
fetchmail-6.3.5. Second, a long standing bug (reported by Isaac
Wilcox) could cause fetchmail to send a password in clear text
or omit using TLS even when configured otherwise. All fetchmail
users are encouraged to consider using getmail, or to upgrade to
the new fetchmail packages.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
(* Security fix *)
+--------------------------+
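
A check for hosts still carrying a fetchmail package older than the fixed 6.3.6 release, added here as an example (it is not part of the Sflack advisory or ChangeLog). It assumes the Slackware-style package database in /var/log/packages and name-version-arch-build package names; the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag fetchmail packages older than the fixed release.
FIXED_VERSION="6.3.6"   # version named in the advisory

# Extract the version from a Slackware-style package name
# (name-version-arch-build, optional .tgz suffix). The last three
# dash-separated fields are version, arch and build.
pkg_version() {
    base=${1##*/}
    base=${base%.tgz}
    printf '%s\n' "$base" | awk -F- 'NF >= 4 { print $(NF-2) }'
}

# Return 0 if dotted version $1 is older than $2 (numeric per field).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Classify one package name: prints needs-upgrade, ok or unparsed.
check_fetchmail_pkg() {
    ver=$(pkg_version "$1")
    if [ -z "$ver" ]; then
        echo "unparsed"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "needs-upgrade"
    else
        echo "ok"
    fi
}

# Scan a package database directory.
# Assumption: /var/log/packages, as on Slackware 11.0.
scan_pkgdb() {
    dir=${1:-/var/log/packages}
    for f in "$dir"/fetchmail-*; do
        [ -e "$f" ] || continue
        echo "${f##*/}: $(check_fetchmail_pkg "$f")"
    done
}

# Prints nothing when no fetchmail package is installed.
scan_pkgdb "$@"
```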


Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com