MDVSA-2011:107 -- Mandriva fetchmailID: oval:org.secpod.oval:def:301035 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered and corrected in fetchmail: fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service via a crafted message header or POP3 UIDL list . NOTE: This vulnerability did not affect Mandriva Linux 2010.2. fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a STARTTLS or STLS request, which allows remote servers to cause a denial of service by acknowledging the request but not sending additional packets . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |