1 Commits

Author SHA256 Message Date
ad71aaf14d Fix CVE-2025-61962 2025-11-05 10:21:44 +02:00
3 changed files with 52 additions and 0 deletions

@@ -0,0 +1,44 @@
commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8
Author: Matthias Andree <matthias.andree@gmx.de>
Date: Fri Oct 3 13:11:59 2025 +0200
Security fix: avoid NULL+1 deref on invalid AUTH reply
When fetchmail receives a 334 reply from the SMTP server
that does not contain the mandated blank after that response
code, it will attempt reading from memory location 1, which
will usually lead to a crash.
The simpler fix would have been to check for four bytes "334 "
instead of three bytes "334" but that would make malformed
replies and those that don't match the expected reply code
indistinguishable.
Index: fetchmail-6.5.2/smtp.c
===================================================================
--- fetchmail-6.5.2.orig/smtp.c
+++ fetchmail-6.5.2/smtp.c
@@ -93,6 +93,11 @@ static void SMTP_auth(int sock, char smt
}
p = strchr(tmp, ' ');
+ if (!p) {
+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+ SMTP_auth_error(sock, "");
+ return;
+ }
p++;
/* (hmh) from64tobits will not NULL-terminate strings! */
if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
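Review bot: the new if (!p) guard after p = strchr(tmp, ' ') only rejects a reply that contains no blank at all; a reply whose first blank comes later than directly after the three-digit code still passes, and p++ then hands whatever follows that blank to from64tobits. The commit message describes the blank as mandated right after the response code, so consider also requiring that the blank sits at tmp[3] (assuming tmp starts with the reply code, as the message implies) and sending anything else down the same "Malformed server reply" path.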
@@ -146,6 +151,11 @@ static void SMTP_auth(int sock, char smt
}
p = strchr(tmp, ' ');
+ if (!p) {
+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+ SMTP_auth_error(sock, "");
+ return;
+ }
p++;
if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
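Review bot: the five added lines here are an exact copy of the guard added in the previous hunk, and both call SMTP_auth_error(sock, "") with an empty message while the base64 failure just below passes a translated string. Consider a small helper that finds the challenge after the blank and reports the malformed case, so the two call sites cannot drift apart, and add a one-line comment saying why the message argument is empty (presumably because report() has already printed the text).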

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Nov 5 08:20:48 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
- Security update: Fix [bsc#1251194, CVE-2025-61962]
* Add fetchmail-CVE-2025-61962.patch
-------------------------------------------------------------------
Tue Jan 14 08:56:46 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
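Review bot: the new changelog entry carries only the bug and CVE identifiers and does not say what was fixed. A short description, for example that a malformed 334 AUTH reply from the SMTP server could crash fetchmail (denial of service, as the spec comment already says), would let readers assess the update without opening the patch.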

@@ -50,6 +50,8 @@ Patch11: fetchmail-increase-max-password-length-to-handle-oauth-tokens.pa
Patch12: fetchmail-bump-max-passwordlen-to-1bytes.patch
Patch13: fetchmail-add-readme-oauth2-issue-27.patch
Patch14: fetchmailconf-no-more-future.patch
# PATCH-FIX-UPSTREAM: bsc#1251194, CVE-2025-61962 - denial of service
Patch15: fetchmail-CVE-2025-61962.patch
BuildRequires: automake
BuildRequires: bison
BuildRequires: fdupes
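Review bot: Patch15 is declared, but the spec gains only two lines (the PATCH-FIX-UPSTREAM comment and the Patch15: line), so nothing in this change applies it. That is fine if %prep uses %autosetup or %autopatch with -p1, which matches the fetchmail-6.5.2/smtp.c paths in the patch; if the patches are applied by explicit %patch lines, the one for Patch15 is missing and the fix would not be built in.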