- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : fetchmail
SUMMARY : Remote vulnerability
DATE : 2002-12-16 18:38:00
ID : CLA-2002:554
RELEVANT
RELEASES : 6.0, 7.0, 8
- -------------------------------------------------------------------------
DESCRIPTION
Fetchmail is a popular mail retrieval and forwarding utility.
Stefan Esser discovered[1] a buffer overflow vulnerability in
fetchmail versions prior to 6.1.3 (inclusive) that can be exploited
remotelly with the use of specially crafted mail messages. By
exploiting this the attacker can crash fetchmail or execute arbitrary
code with the privileges of the user running it.
The updated packages listed in this announcement include a fix for
this problem.
SOLUTION
All fetchmail users should upgrade.
IMPORTANT: if fetchmail is running as a daemon, it will have to be
restarted in order to run the new version.
REFERENCES:
1.http://security.e-matters.de/advisories/052002.html
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-5.9.12-1U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmailconf-5.9.12-1U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/fetchmail-doc-5.9.12-1U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/fetchmail-5.9.12-1U60_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-5.9.12-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmailconf-5.9.12-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/fetchmail-doc-5.9.12-1U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/fetchmail-5.9.12-1U70_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmailconf-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-doc-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/fetchmail-5.9.12-1U80_3cl.src.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : kernel 2.4
SUMMARY : Local denial of service vulnerability
DATE : 2002-12-16 17:41:00
ID : CLA-2002:553
RELEVANT
RELEASES : 7.0, 8
- -------------------------------------------------------------------------
DESCRIPTION
The Linux kernel is responsible for handling the basic functions of
the Conectiva Linux operating system.
Christophe Devine reported[1] a vulnerability in versions prior to
2.4.20 of the linux kernel that could be exploited by a local
non-root user to completely "freeze" the machine. A local attacker
could exploit this vulnerability to cause a Denial of Service (DoS)
condition. This update fixes this problem.
Please note that the updated kernel packages here listed are
available in our update servers since November 20, 2002.
SOLUTION
All users should upgrade the kernel immediately.
IMPORTANT: it is not possible to use apt to apply kernel updates.
These packages have to be updated manually. Generic kernel update
instructions can be found in our updates page[2].
Kernel 2.2 users in Conectiva Linux 6.0 and 7.0 are also vulnerable
to this issue. It is recommended that these users upgrade to the
latest (2.4) kernel, but updated packages for the 2.2 series are
being prepared and will be released in a near future.
REFERENCES:
1.http://online.securityfocus.com/archive/1/299687/2002-11-11/2002-11-17/0
2.http://distro.conectiva.com.br/atualizacoes/?idioma=en
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-2.4.12-4U70_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-BOOT-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-doc-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-enterprise-2.4.12-4U70_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-headers-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-smp-2.4.12-4U70_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/kernel-source-2.4.12-4U70_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/kernel-2.4.12-4U70_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-2.4.19-1U80_5cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-BOOT-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-doc-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-enterprise-2.4.19-1U80_5cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-headers-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-rbc-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-smp-2.4.19-1U80_5cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kernel-source-2.4.19-1U80_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kernel-2.4.19-1U80_5cl.src.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.