28.12.2014 20:38, Mikle Kolyada wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 201412-50
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: getmail: Information disclosure
> Date: December 28, 2014
> Bugs: #524684
> ID: 201412-50
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple vulnerabilities have been discovered in getmail, allowing
> remote attackers to obtain sensitive information.
>
> Background
> ==========
>
> getmail is a POP3 mail retriever with reliable Maildir and mbox
> delivery.
>
> Affected packages
> =================
>
> -------------------------------------------------------------------
>  Package              /     Vulnerable     /            Unaffected
> -------------------------------------------------------------------
>  1  net-mail/getmail          < 4.46.0                  >= 4.46.0
>
> Description
> ===========
>
> Multiple vulnerabilities have been discovered in getmail. Please review
> the CVE identifiers referenced below for details.
>
> Impact
> ======
>
> A remote attacker could cause a man-in-the-middle attack via multiple
> vectors to obtain sensitive information.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> All getmail users should upgrade to the latest version:
>
>   # emerge --sync
>   # emerge --ask --oneshot --verbose ">=net-mail/getmail-4.46.0"
>
> References
> ==========
>
> [ 1 ] CVE-2014-7273
>       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7273
> [ 2 ] CVE-2014-7274
>       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7274
> [ 3 ] CVE-2014-7275
>       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7275
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-201412-50.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users' machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@g.o or alternatively, you may file a bug at
> https://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2014 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
>

Sorry for mailspam, wrong list :/