Lucene search
SuseOPENSUSE-SU-2018:2212-1HistoryAug 06, 2018 - 3:13 p.m.
Security update for mutt (important)
2018-08-0615:13:42
lists.opensuse.org
51
0.018 Low
EPSS
Percentile
86.5%
This update for mutt fixes the following issues:
Security issues fixed:
- bsc#1101428: Mutt 1.10.1 security release update.
- CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status
mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer
underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have
unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers
via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave
room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID
(bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles "…" directory traversal
in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without
a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer
overflow for a FETCH response with along INTERNALDATE field
(bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict ‘/’
characters that may have unsafe interaction with cache pathnames
(bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).
- CVE-2018-14358: Fix imap/message.c that has a stack-based buffer
overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based
buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute
arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails
for messages data (bsc#1101568).
Bug fixes:
- mutt reports as neomutt and incorrect version (bsc#1094717)
This update was imported from the SUSE:SLE-15:Update update project.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.0 | noarch | mutt-lang | < 1.10.1-lp150.2.3.1 | mutt-lang-1.10.1-lp150.2.3.1.noarch.rpm |
| openSUSE Leap | 15.0 | x86_64 | mutt | < 1.10.1-lp150.2.3.1 | mutt-1.10.1-lp150.2.3.1.x86_64.rpm |
| openSUSE Leap | 15.0 | x86_64 | mutt-debugsource | < 1.10.1-lp150.2.3.1 | mutt-debugsource-1.10.1-lp150.2.3.1.x86_64.rpm |
| openSUSE Leap | 15.0 | x86_64 | mutt-debuginfo | < 1.10.1-lp150.2.3.1 | mutt-debuginfo-1.10.1-lp150.2.3.1.x86_64.rpm |
| openSUSE Leap | 15.0 | noarch | mutt-doc | < 1.10.1-lp150.2.3.1 | mutt-doc-1.10.1-lp150.2.3.1.noarch.rpm |
References
bugzilla.suse.com/1094717
bugzilla.suse.com/1101428
bugzilla.suse.com/1101566
bugzilla.suse.com/1101567
bugzilla.suse.com/1101568
bugzilla.suse.com/1101569
bugzilla.suse.com/1101570
bugzilla.suse.com/1101571
bugzilla.suse.com/1101573
bugzilla.suse.com/1101576
bugzilla.suse.com/1101577
bugzilla.suse.com/1101578
bugzilla.suse.com/1101581
bugzilla.suse.com/1101582
bugzilla.suse.com/1101583
bugzilla.suse.com/1101588
bugzilla.suse.com/1101589
Related
openvas
openvas
Debian LTS: Security Advisory for mutt (DLA-1455-1)
2018-08-03 00:00:00
Debian Security Advisory DSA 4277-1 (mutt - security update)
2018-08-17 00:00:00
openSUSE: Security Advisory for mutt (openSUSE-SU-2018:2212-1)
2018-10-26 00:00:00
nessus
nessus
FreeBSD : mutt/neomutt -- multiple vulnerabilities (fe12ef83-8b47-11e8-96cc-001a4a7ec6be)
2018-07-20 00:00:00
Debian DSA-4277-1 : mutt - security update
2018-08-20 00:00:00
openSUSE Security Update : mutt (openSUSE-2019-569)
2019-03-27 00:00:00
suse
suse
Security update for mutt (important)
2019-01-17 00:00:00
Security update for mutt (important)
2015-01-06 18:04:47
debian
debian
[SECURITY] [DSA 4277-1] mutt security update
2018-08-17 18:15:34
[SECURITY] [DSA 4277-1] mutt security update
2018-08-17 18:15:34
[SECURITY] [DLA 1455-1] mutt security update
2018-08-02 11:00:52
freebsd
freebsd
mutt/neomutt -- multiple vulnerabilities
2018-07-10 00:00:00
mutt -- remote code injection and path traversal vulnerability
2018-07-15 00:00:00
mutt -- denial of service via crafted mail message
2014-11-26 00:00:00
osv
osv
mutt - security update
2018-08-17 00:00:00
mutt - security update
2018-08-02 00:00:00
mutt - security update
2014-12-05 00:00:00
mageia
mageia
Updated mutt packages fix security vulnerability
2018-11-16 01:04:32
Updated mutt packages fix CVE-2014-9116
2014-12-05 18:54:13
fedora
fedora
[SECURITY] Fedora 27 Update: mutt-1.9.2-2.fc27
2018-07-31 17:14:09
[SECURITY] Fedora 28 Update: mutt-1.10.1-1.fc28
2018-07-31 18:05:34
[SECURITY] Fedora 21 Update: mutt-1.5.23-7.fc21
2015-02-15 03:02:04
ubuntu
ubuntu
Mutt vulnerabilities
2018-09-28 00:00:00
Mutt vulnerabilities
2018-07-23 00:00:00
Mutt vulnerabilities
2018-07-23 00:00:00
gentoo
gentoo
Mutt, NeoMutt: Multiple vulnerabilities
2018-10-30 00:00:00
Mutt: Heap-based buffer overflow
2017-01-01 00:00:00
redhat
redhat
(RHSA-2018:2526) Important: mutt security update
2018-08-20 14:42:31
(RHSA-2020:1126) Moderate: mutt security update
2020-03-31 09:22:10
amazon
amazon
Important: mutt
2018-09-12 22:24:00
oraclelinux
oraclelinux
mutt security update
2018-08-20 00:00:00
mutt security update
2020-04-06 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1925
2021-07-02 17:31:43
centos
centos
mutt security update
2018-08-21 00:49:34
mutt security update
2020-04-08 18:49:15
veracode
veracode
Arbitrary Code Execution
2020-09-21 06:34:16
Arbitrary Code Execution
2020-09-21 06:26:39
Remote Code Execution (RCE)
2019-01-15 09:25:32
securityvulns
securityvulns
mutt DoS
2014-12-01 00:00:00
[SECURITY] [DSA 3083-1] mutt security update
2014-12-01 00:00:00
slackware
slackware
[slackware-security] mutt
2015-04-22 01:21:37
ubuntucve
ubuntucve
debiancve
debiancve
prion
prion
Design/Logic Flaw
2018-07-17 17:29:00
Heap overflow
2014-12-02 16:59:00
Design/Logic Flaw
2018-07-17 17:29:00
redhatcve
redhatcve
cve
cve
alpinelinux
alpinelinux
archlinux
archlinux
mutt: denial of service
2015-03-09 00:00:00