MGASA-2014-0450
- Source
- https://advisories.mageia.org/MGASA-2014-0450.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0450.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2014-0450
- Upstream
- Published
- 2014-11-14T11:50:06Z
- Modified
- 2026-04-16T06:25:18.995334919Z
- Summary
- Updated getmail package fixes security vulnerabilities
- Details
-
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate (CVE-2014-7273).
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority (CVE-2014-7274).
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate (CVE-2014-7275).
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / getmail
Package
- Name
- getmail
- Purl
- pkg:rpm/mageia/getmail?arch=source&distro=mageia-3
Mageia:4 / getmail
Package
- Name
- getmail
- Purl
- pkg:rpm/mageia/getmail?arch=source&distro=mageia-4