GLSA-200403-10 : Fetchmail 6.2.5 fixes a remote DoS
Medium Nessus Plugin ID 14461
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200403-10 (Fetchmail 6.2.5 fixes a remote DoS).
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially crafted email to a Fetchmail user. This problem occurs because Fetchmail does not properly allocate memory for long lines in an incoming email.
Fetchmail users who receive a malicious email may have their Fetchmail program crash.
While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of Fetchmail.
Solution
Fetchmail users should upgrade to version 6.2.5 or later:
# emerge sync
# emerge -pv '>=net-mail/fetchmail-6.2.5'
# emerge '>=net-mail/fetchmail-6.2.5'