I've recieved a mail from the dfn-cert concerning a remote exploitable buffer overflow in fetchmail when processing emails with very long headers [reported by Debian]. Is the SuSE-package vunerable as well? I think this is quite important 'cause many people (including me) are using fetchmail in a production environment and they don't need a buffer overflow there... ;-) Yes, we are. The packages have just completed building and should arrive on the ftp server within hours. Announcement will follow.
I downloaded the fetchmail update (SuSE ftp) and installed it. Unfortunately, I am not able to fetch my mails from our ISP any more, because in version 5.65 is a bug, which makes fetchmail useless for us. Whenever i try to fetch mails (with the help of the ETRN command) i am asked a password. The website says:
fetchmail-5.6.6 * Fixed locale setting; this should make i18n actually work. * Resolved Debian bug #85938: fetchmail asks for a password when using ETRN. * ...
The last fetchmail version is 5.8.7 and the latest 'gold' version is 5.8.0. Can i install the intel binary rpm from the fetchmail-homepage? In other words: what is the difference between the fetchmail and SuSE Version? Can you help me? I do not want to install the old version of fetchmail, which was able to do ETRN. Thank you in advance. CU Sven