Mailinglist Archive: opensuse-updates (40 mails)

< Previous Next >
openSUSE-SU-2014:1315-1: moderate: update for getmail
openSUSE Security Update: update for getmail
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1315-1
Rating: moderate
References: #900217
Cross-References: CVE-2014-7273 CVE-2014-7274 CVE-2014-7275

Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:


- getmail 4.46.0 [bnc#900217] This release fixes several similar
vulnerabilities that could allow a man-in-the-middle attacker to read
encrypted traffic due to pack of certificate verification against the
hostname.
* fix --idle checking Python version incorrectly, resulting in incorrect
warning about running with Python < 2.5
* add missing support for SSL certificate checking in POP3 which broke
POP retrieval in v4.45.0 [CVE-2014-7275]
- includes changes from 4.45.0:
* perform hostname-vs-certificate matching of SSL certificate if
validating the certifcate [CVE-2014-7274]
* fix missing plaintext versions of documentation
- includes changes from 4.44.0:
* add extended SSL options for IMAP retrievers, allowing certificate
verification and other features [CVE-2014-7273]
* fix missing plaintext versions of documentation
* fix "Header instance has no attribute 'strip'" error which cropped up
in some configurations


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-598

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-598

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (noarch):

getmail-4.46.0-2.4.1
getmail-doc-4.46.0-2.4.1

- openSUSE 12.3 (noarch):

getmail-4.46.0-2.4.1
getmail-doc-4.46.0-2.4.1


References:

http://support.novell.com/security/cve/CVE-2014-7273.html
http://support.novell.com/security/cve/CVE-2014-7274.html
http://support.novell.com/security/cve/CVE-2014-7275.html
https://bugzilla.suse.com/show_bug.cgi?id=900217


< Previous Next >
This Thread
  • No further messages