Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)

Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...

Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)

Check for the Version of fetchmail OpenVAS Vulnerability Test Mandriva Update for fetchmail MDVSA-2012:149 fetchmail Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CURL-CVE-2011-3389 SSL CBC IV vulnerability

curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. This vulnerability has been identified CVE-2011-3389 aka the "BEAST" attack and is addressed by OpenSSL already as they have made a workaround to mitigate the problem. When doing so, they figured out...

fetchmail -- chosen plaintext attack against SSL CBC initialization vectors

Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...