USN-233-1: fetchmail vulnerability

3 January 2006

fetchmail vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Steve Fosdick discovered a remote Denial of Service vulnerability in fetchmail. When using fetchmail in ‘multidrop’ mode, a malicious email server could cause a crash by sending an email without any headers. Since fetchmail is commonly called automatically (with cron, for example), this crash could go unnoticed.
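One way to keep such a crash from going unnoticed when fetchmail runs from cron, shown as an added example that is not part of the original advisory. The function names `classify_status` and `run_checked` and the syslog tag `fetchmail-wrapper` are hypothetical; the only fetchmail behaviour assumed is its documented exit codes 0 (mail retrieved) and 1 (no mail waiting).

```shell
#!/bin/sh
# Added example: cron wrapper that makes an abnormal fetchmail exit visible.
# Crontab usage (hypothetical script name): fetchmail-checked.sh fetchmail --silent

# Map a shell exit status to a verdict string.
# fetchmail(1) documents 0 = mail retrieved and 1 = no mail waiting.
# A status above 128 means the process died from signal (status - 128),
# which is what a crash such as a segmentation fault looks like to the shell.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ] || [ "$status" -eq 1 ]; then
        echo "ok"
    elif [ "$status" -gt 128 ]; then
        echo "crash:signal-$((status - 128))"
    else
        echo "error:$status"
    fi
}

# Run the given command, print the verdict on stdout, and report anything
# abnormal to syslog so the failure is recorded even if cron mail is unread.
# The command's own stdout is sent to stderr to keep the verdict clean.
run_checked() {
    rc=0
    "$@" >&2 || rc=$?
    verdict=$(classify_status "$rc")
    case $verdict in
        ok) ;;
        *)
            # Best effort: do not fail the wrapper if logger is unavailable.
            logger -p mail.err -t fetchmail-wrapper \
                "fetchmail run ended abnormally: $verdict" 2>/dev/null || true
            ;;
    esac
    echo "$verdict"
}

# When arguments are given, treat them as the fetchmail command line.
if [ "$#" -gt 0 ]; then
    run_checked "$@"
fi
```

A verdict of `crash:signal-11` corresponds to a segmentation fault on Linux.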

Update instructions

The problem can be corrected by updating your system to the following package versions:

  • Ubuntu 5.10: fetchmail
  • Ubuntu 5.04: fetchmail
  • Ubuntu 4.10: fetchmail

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
