Title: An update for fetchmail is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
ID: openEuler-SA-2021-1314
Status: Final
Version: 1.0
Revision history: 1.0, 2021-08-20, Initial
Initial release date: 2021-08-20
Current release date: 2021-08-20
Generator: openEuler SA Tool V1.0, 2021-08-20

Synopsis: fetchmail security update

Description:
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Install fetchmail if you need to retrieve mail over SLIP or PPP connections.

Security Fix(es):
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. (CVE-2021-36386)

Topic:
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: High
Affected component: fetchmail

References:
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1314
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-36386
https://nvd.nist.gov/vuln/detail/CVE-2021-36386

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2

Updated packages (listed for both products):

aarch64:
fetchmail-6.4.20-1.oe1.aarch64.rpm
fetchmail-debuginfo-6.4.20-1.oe1.aarch64.rpm
fetchmail-debugsource-6.4.20-1.oe1.aarch64.rpm

noarch:
fetchmail-help-6.4.20-1.oe1.noarch.rpm

src:
fetchmail-6.4.20-1.oe1.src.rpm

x86_64:
fetchmail-6.4.20-1.oe1.x86_64.rpm
fetchmail-debuginfo-6.4.20-1.oe1.x86_64.rpm
fetchmail-debugsource-6.4.20-1.oe1.x86_64.rpm

Vulnerability: CVE-2021-36386
Release date: 2021-08-20
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2
Threat: High
CVSS base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remediation: fetchmail security update, 2021-08-20
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1314