Log

AVG-1880 edited at 27 Aug 2021 10:26:29
Affected
- 5.13.12.zen1-1
+ 5.13.13.zen1-1
AVG-1879 edited at 27 Aug 2021 10:26:23
Affected
- 5.13.12.arch1-1
+ 5.13.13.arch1-1
AVG-1594 edited at 27 Aug 2021 10:24:22
Affected
- 5.13.12.arch1-1
+ 5.13.13.arch1-1
AVG-2326 edited at 27 Aug 2021 10:19:37
Severity
- Unknown
+ Medium
CVE-2021-39272 edited at 27 Aug 2021 10:19:37
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Notes
Workaround
==========
- Where the IMAP or POP3 server supports this form of access, fetchmail can be configured to use Implicit TLS, called "ssl" mode, meaning it will connect to a dedicated port (default: 993 for IMAP, 995 for POP3) and negotiate TLS without prior clear-text protocol exchange.
+ Where the IMAP or POP3 server supports this form of access, fetchmail can be configured to use Implicit TLS, called "ssl" mode, meaning it will connect to a dedicated port (default: 993 for IMAP, 995 for POP3) and negotiate TLS without prior clear-text protocol exchange.
Also, --ssl can be given on the command line, which switches all configured server statements to this Implicit TLS mode.
CVE-2021-39272 edited at 27 Aug 2021 10:18:50
Type
- Unknown
+ Information disclosure
Description
+ Fetchmail before version 6.4.22 continues an unencrypted connection, thus reading unauthenticated input and sending information unencrypted over its transport.
References
+ https://www.fetchmail.info/fetchmail-SA-2021-02.txt
+ https://sourceforge.net/p/fetchmail/git/ci/3837f0e2e42b43c69b46d240adcbbe3a2c68ce95/
Notes
+ Workaround
+ ==========
+
+ Where the IMAP or POP3 server supports this form of access, fetchmail can be configured to use Implicit TLS, called "ssl" mode, meaning it will connect to a dedicated port (default: 993 for IMAP, 995 for POP3) and negotiate TLS without prior clear-text protocol exchange.
+
+ Also, --ssl can be given on the command line, which switches all configured server statements to this Implicit TLS mode.
AVG-2326 created at 27 Aug 2021 10:13:38
Packages
+ fetchmail
Issues
+ CVE-2021-39272
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 6.4.21-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-39272 created at 27 Aug 2021 10:13:38
AVG-2325 edited at 27 Aug 2021 10:11:20
Severity
- Unknown
+ Low
CVE-2020-18974 edited at 27 Aug 2021 10:11:20
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A buffer overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
References
+ https://bugzilla.nasm.us/show_bug.cgi?id=3392568
Notes
AVG-2325 created at 27 Aug 2021 10:10:44
Packages
+ nasm
Issues
+ CVE-2020-18974
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.15.05-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-18974 created at 27 Aug 2021 10:10:44
AVG-1881 edited at 27 Aug 2021 10:08:26
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3640
CVE-2021-3669
CVE-2021-3739
+ CVE-2021-3743
CVE-2021-31615
AVG-1880 edited at 27 Aug 2021 10:08:21
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3640
CVE-2021-3669
CVE-2021-3739
+ CVE-2021-3743
CVE-2021-31615