USN-233-1: fetchmail vulnerability
3 January 2006
fetchmail vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Software Description
Details
Steve Fosdick discovered a remote Denial of Service vulnerability in fetchmail. When using fetchmail in ‘multidrop’ mode, a malicious email server could cause a crash by sending an email without any headers. Since fetchmail is commonly called automatically (with cron, for example), this crash could go unnoticed.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 5.10
- fetchmail
- Ubuntu 5.04
- fetchmail
- Ubuntu 4.10
- fetchmail
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.