News

=========================================================== Ubuntu Security Notice USN-233-1 January 02, 2006 fetchmail vulnerability CVE-2005-4348 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: fetchmail The problem can be corrected by upgrading the affected package to version 6.2.5-8ubuntu2.3 (for Ubuntu 4.10), 6.2.5-12ubuntu1.3 (for Ubuntu 5.04), or 6.2.5-13ubuntu3.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Steve Fosdick discovered a remote Denial of Service vulnerability in fetchmail. When using fetchmail in 'multidrop' mode, a malicious email server could cause a crash by sending an email without any headers. Since fetchmail is commonly called automatically (with cron, for example), this crash could go unnoticed.