Fedora has issued an advisory on March 6:
https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129687.html

It disables a feature where it phones home checking for newer versions available, causing information leakage about the system on which it's being executed.

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated imapsync package fixes security vulnerability:

Imapsync, by default, runs a "release check" when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl (CVE-2013-4279).

The imapsync package has been patched to disable this feature.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4279
https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129687.html
========================

Updated packages in core/updates_testing:
========================
imapsync-1.584-1.1.mga3
imapsync-1.584-1.1.mga4

from SRPMS:
imapsync-1.584-1.1.mga3.src.rpm
imapsync-1.584-1.1.mga4.src.rpm
Whiteboard: (none) => MGA3TOO
URL: (none) => http://lwn.net/Vulnerabilities/590190/
After installation of imapsync and a simple run of imapsync without any options, iftop shows:

MGA3_32bit => ks.lamiral.info 0b 0b 83b

After the update, iftop does not show this network connection anymore.

Successfully tested on mga3 32bit.

CC: (none) => marc.lattemann
Whiteboard: MGA3TOO => MGA3TOO MGA4-32-OK
Updates successfully tested with the same procedure for:
mga3 64bit
mga4 32bit
mga4 64bit

After the advisory from Comment #0 is uploaded, the updates can be moved to core_updates.
Whiteboard: MGA3TOO MGA4-32-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
Well done Marc, you're back in the groove!

Advisory uploaded. Validating.

Could sysadmin please push to 3 & 4 updates?

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK => MGA3TOO has_procedure advisory MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0127.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED