Fetchmail suffers from a similar NULL terminator bypass in how it handles SSL certificates, as demonstrated with CVE-2009-2408. The upstream svn repository [1] has been updated with a currently-untested patch (revision 5389), which I will attach in a moment.

[1] http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/
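An added illustration, not part of this bug report and not fetchmail's code, of the class of flaw the comment above names: a certificate name is decoded as bytes with an explicit length, and a hostname check that treats it as a C string stops at the first NUL byte. The struct, function names and sample bytes are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical holder for a certificate name as an ASN.1 decoder yields it:
 * raw bytes plus an explicit length, which may be larger than strlen(). */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample names (the string literals add a trailing NUL). */
static const unsigned char CRAFTED[] = "mail.example.com\0.example.net";
static const unsigned char CLEAN[]   = "mail.example.com";
static const struct cert_name crafted = { CRAFTED, sizeof(CRAFTED) - 1 };
static const struct cert_name clean   = { CLEAN, sizeof(CLEAN) - 1 };

/* Flawed pattern: the decoded length is ignored, so the comparison
 * ends at the embedded NUL and only the prefix is checked. */
static int match_naive(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Checked pattern: reject any name containing a NUL byte, then require
 * the decoded length to equal the hostname length before comparing. */
static int match_checked(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;               /* embedded NUL: never a valid hostname */
    if (cn->len != host_len)
        return 0;
    return strncasecmp((const char *)cn->data, host, host_len) == 0;
}

int main(void)
{
    const char *host = "mail.example.com";
    printf("naive   crafted=%d clean=%d\n",
           match_naive(&crafted, host), match_naive(&clean, host));
    printf("checked crafted=%d clean=%d\n",
           match_checked(&crafted, host), match_checked(&clean, host));
    return 0;
}
```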
Created attachment 356415: upstream patch (r5389) to correct the issue (untested)
Upstream released version 6.3.11 to address this flaw. Upstream advisory: http://www.fetchmail.info/fetchmail-SA-2009-01.txt
fetchmail-6.3.8-9.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/fetchmail-6.3.8-9.fc10
fetchmail-6.3.9-5.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/fetchmail-6.3.9-5.fc11
fetchmail-6.3.9-5.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
fetchmail-6.3.8-9.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5

Via RHSA-2009:1427 https://rhn.redhat.com/errata/RHSA-2009-1427.html