| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Mar 2003 19:19:38 +0100
From: Daniel Ahlberg <aliz@...too.org>
To: bugtraq@...urityfocus.com
Subject: GLSA: mutt (200303-19)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-19
- - ---------------------------------------------------------------------
PACKAGE : mutt
SUMMARY : buffer overflow
DATE : 2003-03-22 18:19 UTC
EXPLOIT : local
VERSIONS AFFECTED : <1.4.1
FIXED VERSION : >=1.4.1
CVE : CAN-2003-0140
- - ---------------------------------------------------------------------
- From advisory:
"By controlling a malicious IMAP server and providing a specially
crafted folder, an attacker can crash the mail reader and possibly
force execution of arbitrary commands on the vulnerable system with
the privileges of the user running Mutt."
Read the full advisory at:
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-mail/mutt upgrade to mutt-1.4.1 as follows:
emerge sync
emerge mutt
emerge clean
- - ---------------------------------------------------------------------
aliz@...too.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+fKkyfT7nyhUpoZMRAkw6AKCmyIFHKpT4dpk4eafeuVw9M1zFZQCeI48z
7dK4rjkZJCsYlIk5Yk5Fd/c=
=acwA
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists