[slackware-security] mutt

New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mutt-1.10.1-i586-2slack14.2.txz: Rebuilt. Mutt had incorrect error handling when initially connecting to an IMAP server,...

Slackware 14.0 / 14.1 / 14.2 / current : mutt (SSA:2020-329-01)

New mutt packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-329-01. The text itself is copyright C Slackware Linux...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Mutt vulnerability (USN-4645-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4645-1 advisory. It was discovered that Mutt incorrectly handled certain connections. An attacker could possibly use this issue to expose sensitive...

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

DEBIAN-CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

Authentication flaw

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

UBUNTU-CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

CVE-2020-28896

CVE-2020-28896 affects Mutt and NeoMutt where, during IMAP initial responses, the client did not properly consult $ssl_force_tls and/or close the connection, allowing potential exposure of authentication credentials to an unencrypted channel or a Man‑in‑the‑Middle. The issue occurs in Mutt up to ...

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

Mutt and NeoMutt Security Vulnerabilities

Mutt is a text-based mail client for Unix-like systems by Michael Elkins, the personal developer of NeoMutt, a command-line mail reader. A security vulnerability exists in Mutt versions prior to 2.0.2 and NeoMutt versions prior to 2020-11-20, which stems from a failure to ensure that $ssl force t...

FreeBSD : mutt -- authentication credentials being sent over an unencrypted connection (dc132c91-2b71-11eb-8cfd-4437e6ad11c4)

Kevin J. McCarthy reports : Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...

PT-2020-6267 · Neomutt +9 · Neomutt +9

Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 2.0.2 NeoMutt versions prior to 2020-11-20 Description: The issue is related to insufficient protection of registration data, which could allow a remote attacker to access confidential data. If an IMAP server's initial...

mutt -- authentication credentials being sent over an unencrypted connection

Kevin J. McCarthy reports: Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS...

EulerOS 2.0 SP5 : mutt (EulerOS-SA-2020-2258)

According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.CVE-2020-14093 - Mutt before 1.14.4 and NeoMutt befo...

Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2020-2258)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...