Mageia Bugzilla – Bug 12985
imapsync new security issue CVE-2013-4279
Last modified: 2014-03-12 17:33:18 CET
Fedora has issued an advisory on March 6:
It disables a feature where it phones home checking for newer versions available causing information leakage about the system on which it's being executed.
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Updated imapsync package fixes security vulnerability:
Imapsync, by default, runs a "release check" when executed, which causes
imapsync to connect to http://imapsync.lamiral.info and send information
about the version of imapsync, the operating system and perl (CVE-2013-4279).
The imapsync package has been patched to disable this feature.
Updated packages in core/updates_testing:
Steps to Reproduce:
after installation of imapsync and simple run of imapsync wihtout any options iftop shows:
MGA3_32bit => ks.lamiral.info 0b 0b 83b
after update iptop does not show this network connection anymore
successfully tested on mga3 32bit
updates with same procedure successfully tested for
after advisory from Comment #0 is uploaded updates can be moved to core_updates.
Well done Marc, you're back in the groove!
Advisory uploaded. Validating.
Could sysadmin please push to 3 & 4 updates