An update for fetchmail is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2424 Final 1.0 1.0 2025-10-17 Initial 2025-10-17 2025-10-17 openEuler SA Tool V1.0 2025-10-17 fetchmail security update An update for fetchmail is now available for openEuler-22.03-LTS-SP3 Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client. Security Fix(es): In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context. This vulnerability is classified as CWE-142. The product receives input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component, which impacts availability.(CVE-2025-61962) An update for fetchmail is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium fetchmail https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2424 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-61962 https://nvd.nist.gov/vuln/detail/CVE-2025-61962 openEuler-22.03-LTS-SP3 fetchmail-6.4.22-3.oe2203sp3.aarch64.rpm fetchmail-debuginfo-6.4.22-3.oe2203sp3.aarch64.rpm fetchmail-debugsource-6.4.22-3.oe2203sp3.aarch64.rpm fetchmail-6.4.22-3.oe2203sp3.src.rpm fetchmail-6.4.22-3.oe2203sp3.x86_64.rpm fetchmail-debuginfo-6.4.22-3.oe2203sp3.x86_64.rpm fetchmail-debugsource-6.4.22-3.oe2203sp3.x86_64.rpm In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context. This vulnerability is classified as CWE-142. The product receives input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component, which impacts availability. 2025-10-17 CVE-2025-61962 openEuler-22.03-LTS-SP3 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H fetchmail security update 2025-10-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2424