Family: Debian Local Security Checks --> Category: infos
[DSA900] DSA-900-3 fetchmail Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Due to a restrictive dependency definition for fetchmail-ssl, the updated fetchmailconf
package couldn't be installed on the old stable distribution (woody)
together with fetchmail-ssl. Hence, this update loosens it, so that
the update can be pulled in. For completeness we're including the
original advisory text:

Thomas Wolff discovered that the fetchmailconf program which is
provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail
gatherer/forwarder, creates the new configuration in an insecure
fashion that can lead to leaking passwords for mail accounts to local

This update also fixes a regression in the package for stable caused
by the last security update.

For the old stable distribution (woody) this problem has been fixed in
version 5.9.11-6.4 of fetchmail and in version 5.9.11-6.3 of

For the stable distribution (sarge) this problem has been fixed in

For the unstable distribution (sid) this problem has been fixed in

We recommend that you upgrade your fetchmail package.
Solution : http://www.debian.org/security/2005/dsa-900
Threat Level: High