ALAS-2012-132


Amazon Linux AMI Security Advisory: ALAS-2012-132
Advisory Release Date: 2014-09-14 17:08 Pacific
Severity: Low
References: CVE-2012-3482 

Issue Overview:

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.


Affected Packages:

fetchmail


Issue Correction:
Run yum update fetchmail to update your system.

New Packages:
i686:
    fetchmail-6.3.17-1.9.amzn1.i686
    fetchmail-debuginfo-6.3.17-1.9.amzn1.i686

src:
    fetchmail-6.3.17-1.9.amzn1.src

x86_64:
    fetchmail-debuginfo-6.3.17-1.9.amzn1.x86_64
    fetchmail-6.3.17-1.9.amzn1.x86_64