Mageia: Advisory MGASA-2018-0447 Moderate: Mutt Code Execution Risk

mageia

November 15, 2018

It was discovered that Mutt incorrectly handled certain requests

Summary

It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357).
It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349).
nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage (CVE-2018-14360).
nntp.c proceeds even if memory allocation fails for messages data (CVE-2018-14361).
newsrc.c does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (CVE-2018-14363).

References

- https://bugs.mageia.org/show_bug.cgi?id=23345

- https://ubuntu.com/security/notices/USN-3719-1

- - https://www.cve.org/CVERecord?id=CVE-2018-14349

- https://www.cve.org/CVERecord?id=CVE-2018-14350

- https://www.cve.org/CVERecord?id=CVE-2018-14351

- https://www.cve.org/CVERecord?id=CVE-2018-14352

- https://www.cve.org/CVERecord?id=CVE-2018-14353

- https://www.cve.org/CVERecord?id=CVE-2018-14354

- https://www.cve.org/CVERecord?id=CVE-2018-14355

- https://www.cve.org/CVERecord?id=CVE-2018-14356

- https://www.cve.org/CVERecord?id=CVE-2018-14357

- https://www.cve.org/CVERecord?id=CVE-2018-14358

- https://www.cve.org/CVERecord?id=CVE-2018-14359

- https://www.cve.org/CVERecord?id=CVE-2018-14360

- https://www.cve.org/CVERecord?id=CVE-2018-14361

- https://www.cve.org/CVERecord?id=CVE-2018-14362

- https://www.cve.org/CVERecord?id=CVE-2018-14363

Topics Covered

security advisory update buffer overflow code execution Mageia sensitive info exposure

Resolution

SRPMS

- 6/core/mutt-1.10.1-1.1.mga6

Publication date: 15 Nov 2018

URL: https://advisories.mageia.org/MGASA-2018-0447.html

Type: security

CVE: CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14360, CVE-2018-14361, CVE-2018-14362, CVE-2018-14363

Topics Covered

security advisory update buffer overflow code execution Mageia sensitive info exposure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: Advisory MGASA-2018-0447 Moderate: Mutt Code Execution Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: Advisory MGASA-2018-0447 Moderate: Mutt Code Execution Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!