MGASA-2025-0238

Source
https://advisories.mageia.org/MGASA-2025-0238.html
Import Source
https://advisories.mageia.org/MGASA-2025-0238.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2025-0238
Related
Published
2025-10-14T17:45:08Z
Modified
2025-10-14T16:47:08Z
Summary
Updated fetchmail package fixes security vulnerability
Details

It was discovered that fetchmail's SMTP client, when configured to authenticate, mishandles a protocol violation by the server: when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code that is not followed by a blank on the line, fetchmail attempts to start reading from memory address 0x1 to parse the server's SASL challenge. This usually causes fetchmail to crash (CVE-2025-61962).
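
The check that the failure mode above calls for, as an added example (not fetchmail's code and not the upstream fix): a parser for one SMTP AUTH continuation line that rejects a "334" with no following blank before any pointer into the challenge is formed. The function name, status enum and sample lines are constructed for illustration, and the NULL-plus-one explanation in the comment is an assumption about how address 0x1 arises.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum ch_status { CH_OK = 0, CH_NOT_334, CH_NO_BLANK, CH_BAD_BASE64 };

/* Locate the base64 SASL challenge in one SMTP reply line.
 * On CH_OK, *out points at the challenge inside `line` and *len is its
 * length with CRLF excluded (0 is valid: an empty challenge). */
enum ch_status parse_334(const char *line, const char **out, size_t *len)
{
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    size_t n;

    *out = NULL;
    *len = 0;
    if (line == NULL || strncmp(line, "334", 3) != 0)
        return CH_NOT_334;
    /* The case from the advisory: "334" with no blank after it.
     * Assumption: a client that looks the blank up with strchr() and
     * advances the result unchecked turns a NULL return into address 0x1.
     * Testing the byte at a fixed offset never forms that pointer. */
    if (line[3] != ' ')
        return CH_NO_BLANK;
    line += 4;
    n = strcspn(line, "\r\n");          /* challenge ends at CRLF or NUL */
    if (strspn(line, b64) < n)          /* non-base64 byte before the end */
        return CH_BAD_BASE64;
    *out = line;
    *len = n;
    return CH_OK;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *samples[] = { "334 VXNlcm5hbWU6\r\n", "334\r\n", "334 \r\n",
                              "535 5.7.8 denied\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *c;
        size_t n;
        enum ch_status s = parse_334(samples[i], &c, &n);
        printf("status=%d len=%zu\n", (int)s, n);
    }
    return 0;
}
```

A caller should treat any status other than CH_OK as an authentication failure and close the session instead of continuing the SASL exchange.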

References
Credits

Affected packages

Mageia:9 / fetchmail

Package

Name
fetchmail
Purl
pkg:rpm/mageia/fetchmail?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.5.6-1.mga9

Ecosystem specific

{
    "section": "core"
}