Amazon Linux 1 Security Advisory: ALAS-2012-132
Advisory Release Date: 2012-10-08 10:41 Pacific
Advisory Updated Date: 2014-09-14 17:08 Pacific
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.
Affected Packages:
fetchmail
Issue Correction:
Run yum update fetchmail to update your system.
i686:
fetchmail-6.3.17-1.9.amzn1.i686
fetchmail-debuginfo-6.3.17-1.9.amzn1.i686
src:
fetchmail-6.3.17-1.9.amzn1.src
x86_64:
fetchmail-debuginfo-6.3.17-1.9.amzn1.x86_64
fetchmail-6.3.17-1.9.amzn1.x86_64