Upstream information

CVE-2010-1167 at MITRE

Description

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

  • Base Score: 4.3
  • Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

SUSE Bugzilla entry: 597673 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • fetchmail >= 6.3.26-5.18
Patchnames:
SUSE Linux Enterprise Desktop 12 GA fetchmail
SUSE Linux Enterprise Desktop 12 SP1
  • fetchmail >= 6.3.26-5.18
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA fetchmail
SUSE Linux Enterprise Desktop 12 SP2
  • fetchmail >= 6.3.26-12.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA fetchmail
SUSE Linux Enterprise Desktop 12 SP3
  • fetchmail >= 6.3.26-12.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA fetchmail
SUSE Linux Enterprise Module for Basesystem 15
  • fetchmail >= 6.3.26-3.27
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA fetchmail
SUSE Linux Enterprise Module for Desktop Applications 15
  • fetchmailconf >= 6.3.26-3.27
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA fetchmailconf
SUSE Linux Enterprise Server 12
  • fetchmail >= 6.3.26-5.9
  • fetchmailconf >= 6.3.26-5.9
Patchnames:
SUSE Linux Enterprise Server 12 GA fetchmail
SUSE Linux Enterprise Server 12 SP1
  • fetchmail >= 6.3.26-5.18
  • fetchmailconf >= 6.3.26-5.18
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA fetchmail
SUSE Linux Enterprise Server 12 SP2
  • fetchmail >= 6.3.26-12.3
  • fetchmailconf >= 6.3.26-12.3
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA fetchmail
SUSE Linux Enterprise Server 12 SP3
  • fetchmail >= 6.3.26-12.3
  • fetchmailconf >= 6.3.26-12.3
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA fetchmail
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • fetchmail >= 6.3.26-12.3
  • fetchmailconf >= 6.3.26-12.3
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA fetchmail
openSUSE Leap 42.1
  • fetchmail >= 6.3.26-12.2
Patchnames:
openSUSE Leap 42.1 GA fetchmail
openSUSE Leap 42.2
  • fetchmail >= 6.3.26-18.1
Patchnames:
openSUSE Leap 42.2 GA fetchmail
openSUSE Leap 42.3
  • fetchmail >= 6.3.26-20.2
Patchnames:
openSUSE Leap 42.3 GA fetchmail
openSUSE Tumbleweed
  • fetchmail >= 6.3.26-13.4
  • fetchmailconf >= 6.3.26-13.4
Patchnames:
openSUSE Tumbleweed GA fetchmail