Compare commits
1 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| ad71aaf14d |
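--- a/fetchmail-CVE-2025-61962.patch
+++ b/fetchmail-CVE-2025-61962.patch
@@ -0,0 +1,44 @@
+commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8
+Author: Matthias Andree <matthias.andree@gmx.de>
+Date: Fri Oct 3 13:11:59 2025 +0200
+
+Security fix: avoid NULL+1 deref on invalid AUTH reply
+
+When fetchmail receives a 334 reply from the SMTP server
+that does not contain the mandated blank after that response
+code, it will attempt reading from memory location 1, which
+will usually lead to a crash.
+
+The simpler fix would have been to check for four bytes "334 "
+instead of three bytes "334" but that would make malformed
+replies and those that don't match the expected reply code
+indistinguishable.
+
+Index: fetchmail-6.5.2/smtp.c
+===================================================================
+--- fetchmail-6.5.2.orig/smtp.c
++++ fetchmail-6.5.2/smtp.c
+@@ -93,6 +93,11 @@ static void SMTP_auth(int sock, char smt
+}
+
+p = strchr(tmp, ' ');
++ if (!p) {
++ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
++ SMTP_auth_error(sock, "");
++ return;
++ }
+p++;
+/* (hmh) from64tobits will not NULL-terminate strings! */
+if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+@@ -146,6 +151,11 @@ static void SMTP_auth(int sock, char smt
+}
+
+p = strchr(tmp, ' ');
++ if (!p) {
++ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
++ SMTP_auth_error(sock, "");
++ return;
++ }
+p++;
+if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));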
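Review bot: The added `if (!p)` guard, in both smtp.c hunks (`@@ -93` and `@@ -146`), rejects only a reply that contains no blank at all; `strchr(tmp, ' ')` still accepts the first blank anywhere in the line, so a reply whose fourth byte is not a blank but which has one later is decoded from after that later blank. If the preceding reply-code test matches just the three bytes "334", as the commit message suggests, checking the separator position directly with `if (tmp[3] != ' ') { ... }` and then `p = tmp + 4;` would reject those replies too, while still reporting them separately from a wrong reply code. The two guards are byte-for-byte duplicates and could live in one small static helper that returns the payload pointer or NULL. SMTP_auth's body starts and ends outside both hunks, so the reply-code test itself is not visible here and the suggestion should be confirmed against it.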
@@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Nov 5 08:20:48 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||||
|
|
||||||
|
- Security update: Fix [bsc#1251194, CVE-2025-61962]
|
||||||
|
* Add fetchmail-CVE-2025-61962.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 14 08:56:46 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
Tue Jan 14 08:56:46 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
|
||||||
|
|
||||||
|
|||||||
@@ -50,6 +50,8 @@ Patch11: fetchmail-increase-max-password-length-to-handle-oauth-tokens.pa
|
|||||||
Patch12: fetchmail-bump-max-passwordlen-to-1bytes.patch
|
Patch12: fetchmail-bump-max-passwordlen-to-1bytes.patch
|
||||||
Patch13: fetchmail-add-readme-oauth2-issue-27.patch
|
Patch13: fetchmail-add-readme-oauth2-issue-27.patch
|
||||||
Patch14: fetchmailconf-no-more-future.patch
|
Patch14: fetchmailconf-no-more-future.patch
|
||||||
|
# PATCH-FIX-UPSTREAM: bsc#1251194, CVE-2025-61962 - denial of service
|
||||||
|
Patch15: fetchmail-CVE-2025-61962.patch
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
|
|||||||
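Review bot: `Patch15: fetchmail-CVE-2025-61962.patch` is declared here, but nothing on this page shows it being applied; the `%prep` section lies outside the hunk. If the spec applies patches one by one rather than through `%autosetup` or `%autopatch`, a matching `%patch -P 15 -p1` line is needed, otherwise the package builds without the CVE-2025-61962 fix while the changelog claims it. The `-p1` level is inferred from the `fetchmail-6.5.2/smtp.c` paths in the patch; confirm it against how Patch11 to Patch14 are applied.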