RedHat: RHSA-2021-4181:03 Moderate: mutt security, bug fix,
Summary
Mutt is a low resource, highly configurable, text-based MIME e-mail client.
Mutt supports most e-mail storing formats, such as mbox and Maildir, as
well as most protocols, including POP3 and IMAP.
The following packages have been upgraded to a later upstream version: mutt
(2.0.7). (BZ#1912614)
Security Fix(es):
* mutt: Incorrect handling of invalid initial IMAP responses could lead to
an authentication attempt over unencrypted connection (CVE-2020-28896)
* mutt: Memory leak when parsing rfc822 group addresses (CVE-2021-3181)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2020-28896 https://access.redhat.com/security/cve/CVE-2021-3181 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
mutt-2.0.7-1.el8.src.rpm
aarch64:
mutt-2.0.7-1.el8.aarch64.rpm
mutt-debuginfo-2.0.7-1.el8.aarch64.rpm
mutt-debugsource-2.0.7-1.el8.aarch64.rpm
ppc64le:
mutt-2.0.7-1.el8.ppc64le.rpm
mutt-debuginfo-2.0.7-1.el8.ppc64le.rpm
mutt-debugsource-2.0.7-1.el8.ppc64le.rpm
s390x:
mutt-2.0.7-1.el8.s390x.rpm
mutt-debuginfo-2.0.7-1.el8.s390x.rpm
mutt-debugsource-2.0.7-1.el8.s390x.rpm
x86_64:
mutt-2.0.7-1.el8.x86_64.rpm
mutt-debuginfo-2.0.7-1.el8.x86_64.rpm
mutt-debugsource-2.0.7-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for mutt is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Bugs Fixed
1890084 - RFE: Enable oauth2 support in mutt
1900826 - CVE-2020-28896 mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection
1912614 - [RFE] Rebase mutt packages to mutt v2.x+
1920446 - CVE-2021-3181 mutt: Memory leak when parsing rfc822 group addresses