Security update for fetchmail SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3006-1 Final 1 1 2024-08-23T14:46:48Z current 2024-08-23T14:46:48Z 2024-08-23T14:46:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for fetchmail This update for fetchmail fixes the following issues: - Fixed regression in patch for CVE-2021-36386 (bsc#1224188) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3006,SUSE-SLE-SERVER-12-SP5-2024-3006 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243006-1/ Link for SUSE-SU-2024:3006-1 https://lists.suse.com/pipermail/sle-updates/2024-August/036671.html E-Mail link for SUSE-SU-2024:3006-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224188 SUSE Bug 1224188 https://www.suse.com/security/cve/CVE-2021-36386/ SUSE CVE CVE-2021-36386 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 fetchmail-6.3.26-13.18.1 fetchmailconf-6.3.26-13.18.1 fetchmail-6.3.26-13.18.1 as a component of SUSE Linux Enterprise Server 12 SP5 fetchmailconf-6.3.26-13.18.1 as a component of SUSE Linux Enterprise Server 12 SP5 fetchmail-6.3.26-13.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 fetchmailconf-6.3.26-13.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. CVE-2021-36386 SUSE Linux Enterprise Server 12 SP5:fetchmail-6.3.26-13.18.1 SUSE Linux Enterprise Server 12 SP5:fetchmailconf-6.3.26-13.18.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:fetchmail-6.3.26-13.18.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:fetchmailconf-6.3.26-13.18.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243006-1/ https://www.suse.com/security/cve/CVE-2021-36386.html CVE-2021-36386 https://bugzilla.suse.com/1188875 SUSE Bug 1188875 https://bugzilla.suse.com/1224188 SUSE Bug 1224188