
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


openSUSE: 2023:3826-1 Moderate: Mutt Email Client NULL Pointer

This update for mutt fixes the following issues: CVE-2023-4874: Fixed NULL pointer dereference when composing an email (bsc#1215189).

# Security update for mutt

Announcement ID: SUSE-SU-2023:3826-1
Rating: moderate

References:
* #1215189
* #1215191

Cross-References:
* CVE-2023-4874
* CVE-2023-4875

CVSS scores:
* CVE-2023-4874 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-4874 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-4875 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-4875 ( NVD ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for mutt fixes the following issues:

* CVE-2023-4874: Fixed NULL pointer dereference when composing an email (bsc#1215189).
* CVE-2023-4875: Fixed NULL pointer dereference when receiving an email (bsc#1215191).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3826=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3826=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3826=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3826=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3826=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3826=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3826=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * mutt-debugsource-1.10.1-150000.3.26.1
  * mutt-1.10.1-150000.3.26.1
  * mutt-debuginfo-1.10.1-150000.3.26.1
* openSUSE Leap 15.4 (noarch)
  * mutt-doc-1.10.1-150000.3.26.1
  * mutt-lang-1.10.1-150000.3.26.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * mutt-debugsource-1.10.1-150000.3.26.1
  * mutt-1.10.1-150000.3.26.1
  * mutt-debuginfo-1.10.1-150000.3.26.1
* openSUSE Leap 15.5 (noarch)
  * mutt-doc-1.10.1-150000.3.26.1
  * mutt-lang-1.10.1-150000.3.26.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * mutt-debugsource-1.10.1-150000.3.26.1
  * mutt-1.10.1-150000.3.26.1
  * mutt-debuginfo-1.10.1-150000.3.26.1
* Basesystem Module 15-SP4 (noarch)
  * mutt-doc-1.10.1-150000.3.26.1
  * mutt-lang-1.10.1-150000.3.26.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * mutt-debugsource-1.10.1-150000.3.26.1
  * mutt-1.10.1-150000.3.26.1
  * mutt-debuginfo-1.10.1-150000.3.26.1
* Basesystem Module 15-SP5 (noarch)
  * mutt-doc-1.10.1-150000.3.26.1
  * mutt-lang-1.10.1-150000.3.26.1
* SUSE Manager Proxy 4.2 (x86_64)
  * mutt-debugsource-1.10.1-150000.3.26.1
  * mutt-1.10.1-150000.3.26.1
  * mutt-debuginfo-1.10.1-150000.3.26.1
* SUSE Manager Proxy 4.2 (noarch)
  * mutt-doc-1.10.1-150000.3.26.1
  * mutt-lang-1.10.1-150000.3.26.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * mutt-debugsource-1.10.1-150000.3.26.1
  * mutt-1.10.1-150000.3.26.1
  * mutt-debuginfo-1.10.1-150000.3.26.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * mutt-doc-1.10.1-150000.3.26.1
  * mutt-lang-1.10.1-150000.3.26.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * mutt-debugsource-1.10.1-150000.3.26.1
  * mutt-1.10.1-150000.3.26.1
  * mutt-debuginfo-1.10.1-150000.3.26.1
* SUSE Manager Server 4.2 (noarch)
  * mutt-doc-1.10.1-150000.3.26.1
  * mutt-lang-1.10.1-150000.3.26.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4874.html
* https://www.suse.com/security/cve/CVE-2023-4875.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215189
* https://bugzilla.suse.com/show_bug.cgi?id=1215191

A significant enhancement for mutt tackles two concerns regarding NULL pointer dereference during email transmission and reception.

LinuxSecurity.com Team

Sep 27, 2023 OpenSUSE

Red Hat Enterprise Linux 8 RHSA-2022-7640-01 Moderate Mutt Buffer Overflow

Red Hat Security Advisory

Synopsis: Moderate: mutt security update
Advisory ID: RHSA-2022:7640-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7640
Issue date: 2022-11-08
CVE Names: CVE-2022-1328

1. Summary:

An update for mutt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.

Security Fix(es):

* mutt: buffer overflow in uudecoder function (CVE-2022-1328)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2076058 - CVE-2022-1328 mutt: buffer overflow in uudecoder function

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: mutt-2.0.7-2.el8.src.rpm
aarch64: mutt-2.0.7-2.el8.aarch64.rpm mutt-debuginfo-2.0.7-2.el8.aarch64.rpm mutt-debugsource-2.0.7-2.el8.aarch64.rpm
ppc64le: mutt-2.0.7-2.el8.ppc64le.rpm mutt-debuginfo-2.0.7-2.el8.ppc64le.rpm mutt-debugsource-2.0.7-2.el8.ppc64le.rpm
s390x: mutt-2.0.7-2.el8.s390x.rpm mutt-debuginfo-2.0.7-2.el8.s390x.rpm mutt-debugsource-2.0.7-2.el8.s390x.rpm
x86_64: mutt-2.0.7-2.el8.x86_64.rpm mutt-debuginfo-2.0.7-2.el8.x86_64.rpm mutt-debugsource-2.0.7-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-1328
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

A crucial safety patch for mutt on Red Hat Enterprise Linux 8 has been rated as moderate, addressing a buffer overflow vulnerability.

LinuxSecurity.com Team

Nov 08, 2022 Red Hat

SUSE Linux 12-SP4: 2020:3632-1 Important: Mutt Connection Hazard

An update that solves one vulnerability and has two fixes is now available.

SUSE Security Update: Security update for mutt

Announcement ID: SUSE-SU-2020:3632-1
Rating: important
References: #1179035 #1179113 #1179461
Cross-References: CVE-2020-28896
Affected Products:
- SUSE OpenStack Cloud Crowbar 9
- SUSE OpenStack Cloud Crowbar 8
- SUSE OpenStack Cloud 9
- SUSE OpenStack Cloud 8
- SUSE OpenStack Cloud 7
- SUSE Linux Enterprise Server for SAP 12-SP4
- SUSE Linux Enterprise Server for SAP 12-SP3
- SUSE Linux Enterprise Server for SAP 12-SP2
- SUSE Linux Enterprise Server 12-SP5
- SUSE Linux Enterprise Server 12-SP4-LTSS
- SUSE Linux Enterprise Server 12-SP3-LTSS
- SUSE Linux Enterprise Server 12-SP3-BCL
- SUSE Linux Enterprise Server 12-SP2-LTSS
- SUSE Linux Enterprise Server 12-SP2-BCL
- SUSE Enterprise Storage 5
- HPE Helion Openstack 8

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for mutt fixes the following issues:

- Find and display the content of messages properly. (bsc#1179461)
- CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3632=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3632=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3632=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3632=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3632=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3632=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3632=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3632=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3632=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3632=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3632=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3632=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3632=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3632=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2020-3632=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2020-3632=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE OpenStack Cloud 9 (x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE OpenStack Cloud 8 (x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE OpenStack Cloud 7 (s390x x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1
- HPE Helion Openstack 8 (x86_64):
  mutt-1.10.1-55.18.1 mutt-debuginfo-1.10.1-55.18.1 mutt-debugsource-1.10.1-55.18.1

References:

https://www.suse.com/security/cve/CVE-2020-28896.html
https://bugzilla.suse.com/show_bug.cgi?id=1179035
https://bugzilla.suse.com/show_bug.cgi?id=1179113
https://bugzilla.suse.com/show_bug.cgi?id=1179461
Severity: Important. LinuxSecurity.com Team

Dec 07, 2020 Important SuSE

Red Hat: RHSA-2018-2526-01 Important Mutt Code Execution Issue

Red Hat Security Advisory

Synopsis: Important: mutt security update
Advisory ID: RHSA-2018:2526-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2526
Issue date: 2018-08-20
CVE Names: CVE-2018-14354 CVE-2018-14357 CVE-2018-14362

1. Summary:

An update for mutt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

3. Description:

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.

Security Fix(es):

* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)
* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)
* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1602069 - CVE-2018-14354 mutt: Remote code injection vulnerability to an IMAP mailbox
1602079 - CVE-2018-14362 mutt: POP body caching path traversal vulnerability
1602915 - CVE-2018-14357 mutt: Remote Code Execution via backquote characters

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: mutt-1.5.20-9.20091214hg736b6a.el6.src.rpm
i386: mutt-1.5.20-9.20091214hg736b6a.el6.i686.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.i686.rpm
x86_64: mutt-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: mutt-1.5.20-9.20091214hg736b6a.el6.src.rpm
x86_64: mutt-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: mutt-1.5.20-9.20091214hg736b6a.el6.src.rpm
i386: mutt-1.5.20-9.20091214hg736b6a.el6.i686.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.i686.rpm
ppc64: mutt-1.5.20-9.20091214hg736b6a.el6.ppc64.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.ppc64.rpm
s390x: mutt-1.5.20-9.20091214hg736b6a.el6.s390x.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.s390x.rpm
x86_64: mutt-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: mutt-1.5.20-9.20091214hg736b6a.el6.src.rpm
i386: mutt-1.5.20-9.20091214hg736b6a.el6.i686.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.i686.rpm
x86_64: mutt-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm mutt-debuginfo-1.5.20-9.20091214hg736b6a.el6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):
Source: mutt-1.5.21-28.el7_5.src.rpm
x86_64: mutt-1.5.21-28.el7_5.x86_64.rpm mutt-debuginfo-1.5.21-28.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: mutt-1.5.21-28.el7_5.src.rpm
x86_64: mutt-1.5.21-28.el7_5.x86_64.rpm mutt-debuginfo-1.5.21-28.el7_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: mutt-1.5.21-28.el7_5.src.rpm
ppc64: mutt-1.5.21-28.el7_5.ppc64.rpm mutt-debuginfo-1.5.21-28.el7_5.ppc64.rpm
ppc64le: mutt-1.5.21-28.el7_5.ppc64le.rpm mutt-debuginfo-1.5.21-28.el7_5.ppc64le.rpm
s390x: mutt-1.5.21-28.el7_5.s390x.rpm mutt-debuginfo-1.5.21-28.el7_5.s390x.rpm
x86_64: mutt-1.5.21-28.el7_5.x86_64.rpm mutt-debuginfo-1.5.21-28.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: mutt-1.5.21-28.el7_5.src.rpm
aarch64: mutt-1.5.21-28.el7_5.aarch64.rpm mutt-debuginfo-1.5.21-28.el7_5.aarch64.rpm
ppc64le: mutt-1.5.21-28.el7_5.ppc64le.rpm mutt-debuginfo-1.5.21-28.el7_5.ppc64le.rpm
s390x: mutt-1.5.21-28.el7_5.s390x.rpm mutt-debuginfo-1.5.21-28.el7_5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: mutt-1.5.21-28.el7_5.src.rpm
x86_64: mutt-1.5.21-28.el7_5.x86_64.rpm mutt-debuginfo-1.5.21-28.el7_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-14354
https://access.redhat.com/security/cve/CVE-2018-14357
https://access.redhat.com/security/cve/CVE-2018-14362
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team

Aug 20, 2018 Important Red Hat

Fedora Core 6: 2007-539 Critical: Mutt Buffer Overflow and APOP Risk

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. Also, a Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

Fedora Update Notification
FEDORA-2007-539
2007-05-30

Product : Fedora Core 6
Name : mutt
Version : 1.4.2.3
Release : 1.fc6
Summary : A text mode mail user agent.

Description :
Mutt is a text-mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you have used it in the past and you prefer it, or if you are new to mail programs and have not decided which one you are going to use.

Update Information:

This update fixes two security issues:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558)

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. (CVE-2007-2683)

* Mon May 28 2007 Miroslav Lichvar 5:1.4.2.3-1.fc6
- update to 1.4.2.3 (CVE-2007-2683, CVE-2007-1558)

This update can be downloaded from:

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .

Severity: Critical. LinuxSecurity.com Team

May 30, 2007 Critical Fedora

Red Hat: RHSA-2006:0577-01 Moderate: Mutt Buffer Overflow Advisory

Updated mutt packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: mutt security update Advisory ID: RHSA-2006:0577-01 Advisory URL: https://access.redhat.com/errata/RHSA-2006:0577.html Issue date: 2006-07-12 Updated on: 2006-07-12 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-3242 - ---------------------------------------------------------------------1. Summary: Updated mutt packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Mutt is a text-mode mail user agent. A buffer overflow flaw was found in the way Mutt processes an overly long namespace from a malicious imap server. In order to exploit this flaw a user would have to use Mutt to connect to a malicious IMAP server. (CVE-2006-3242) Users of Mutt are advised to upgrade to these erratum packages, which contain a backported patch to correct this issue. 
4.Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 197151 - CVE-2006-3242 Mutt IMAP namespace buffer overflow 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: 54b1c502dcc5da91b83593a29e689cda mutt-1.2.5.1-2.rhel21.src.rpm i386: 7c33167f6a99327ea66a7d21158a3759 mutt-1.2.5.1-2.rhel21.i386.rpm ia64: 4f6bb6963b32b2cd7394fa6311251732 mutt-1.2.5.1-2.rhel21.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: 54b1c502dcc5da91b83593a29e689cda mutt-1.2.5.1-2.rhel21.src.rpm ia64: 4f6bb6963b32b2cd7394fa6311251732 mutt-1.2.5.1-2.rhel21.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: 54b1c502dcc5da91b83593a29e689cda mutt-1.2.5.1-2.rhel21.src.rpm i386: 7c33167f6a99327ea66a7d21158a3759 mutt-1.2.5.1-2.rhel21.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: 54b1c502dcc5da91b83593a29e689cda mutt-1.2.5.1-2.rhel21.src.rpm i386: 7c33167f6a99327ea66a7d21158a3759 mutt-1.2.5.1-2.rhel21.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: 888328d8ea84f9d405cf68c1d37a4a62 mutt-1.4.1-3.5.rhel3.src.rpm i386: 74ca0464aeb67b5f8915f796e729cc7a mutt-1.4.1-3.5.rhel3.i386.rpm d0399d260060bbc9237ddadc4ec2c2ff mutt-debuginfo-1.4.1-3.5.rhel3.i386.rpm ia64: a976af2dec5ddafcc17fb3e43516a637 mutt-1.4.1-3.5.rhel3.ia64.rpm 8c8304a6f94d5259082599f039623ca6 mutt-debuginfo-1.4.1-3.5.rhel3.ia64.rpm ppc: 5174f5edc6e767f728c481e3f80c0f4e mutt-1.4.1-3.5.rhel3.ppc.rpm 9f2ce9b3b7926b4f1a2d7d22fbe108fa mutt-debuginfo-1.4.1-3.5.rhel3.ppc.rpm s390: f514ef393a8a4b9e52304c365caadb32 mutt-1.4.1-3.5.rhel3.s390.rpm 2ce47567a5de01bd361a39f09f290f67 mutt-debuginfo-1.4.1-3.5.rhel3.s390.rpm s390x: 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/updates/classification#moderate
https://www.cve.org/CVERecord?id=CVE-2006-3242

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2006 Red Hat, Inc.

The Debian team issued a crucial security notice concerning nano, focusing on a critical vulnerability involving memory corruption that necessitates immediate patching.

Red Hat, Buffer Overflow, Mutt Update, Linux Assurance.

LinuxSecurity.com Team

Jul 12, 2006 Red Hat