SOT Linux Security Advisory
Subject: | Updated fetchmail package for SOT Linux 2003 |
Advisory ID: | SLSA-2003:47 |
Date: | Tuesday, October 21, 2003 |
Product: | SOT Linux 2003 |
1. Problem description
A bug was discovered in fetchmail 6.2.4 where a specially
crafted email message can cause fetchmail to crash.
Thanks to Nalin Dahyabhai of Red Hat for providing the patch to fix
the problem.
Users of fetchmail are advised to upgrade to the packages contained
within this erratum.
2. Updated packages
SOT Linux 2003 Desktop:
i386:
ftp://ftp.sot.com/updates/2003/Desktop/i386/fetchmail-6.2.4-1.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2003/Desktop/SRPMS/fetchmail-6.2.4-1.src.rpm
SOT Linux 2003 Server:
i386:
ftp://ftp.sot.com/updates/2003/Server/i386/fetchmail-6.2.4-1.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2003/Server/SRPMS/fetchmail-6.2.4-1.src.rpm
3. Upgrading package
Before applying this update, make sure all previously released
errata relevant to your system have been applied. Use up2date to
automatically upgrade the fixed packages.
If you want to upgrade manually, download the updated package
from the SOT Linux FTP site (use the links above) or from one of
our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux
Update the package with the following command: rpm -Uvh
<filename>
4. Verification
All packages are PGP signed by SOT for security.
You can verify each package with the following command: rpm
–checksig <filename>
If you wish to verify the integrity of the downloaded package,
run “md5sum <filename>” and compare the output with data
given below.
Package Name MD5 sum
/Desktop/i386/fetchmail-6.2.4-1.i386.rpm
f93fab05642d10833d20b4c5a92f6716
/Desktop/SRPMS/fetchmail-6.2.4-1.src.rpm
4fd6e39ba338bae05099f3f28bbdf040
/Server/i386/fetchmail-6.2.4-1.i386.rpm
f93fab05642d10833d20b4c5a92f6716
/Server/SRPMS/fetchmail-6.2.4-1.src.rpm
4fd6e39ba338bae05099f3f28bbdf040
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792
Copyright(c) 2001-2003 SOT