[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0402121218430.19861@bob.slackware.com>
Date: Thu, 12 Feb 2004 12:19:00 -0800 (PST)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security] mutt security update (SSA:2004-043-01)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mutt security update (SSA:2004-043-01)
Mutt is a text-based program for reading electronic mail.
New mutt packages are available for Slackware 8.1, 9.0, 9.1,
and -current. These have been upgraded to version 1.4.2i to
fix a buffer overflow that could lead to a machine compromise.
All sites using mutt should upgrade to the new mutt package.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Thu Feb 12 10:00:37 PST 2004
patches/packages/mutt-1.4.2i-i486-1.tgz: Upgraded to mutt-1.4.2i.
This fixes an overflow that is a potential security hole. Here's the
information from www.mutt.org:
"Mutt 1.4.2 was released on February 11, 2004. This version fixes a buffer
overflow that can be triggered by incoming messages. There are reports
about spam that has actually triggered this problem and crashed mutt. It
is recommended that users of mutt versions prior to 1.4.2 upgrade to this
version, or apply the patch included below."
(* Security fix *)
+--------------------------+
WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mutt-1.4.2i-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mutt-1.4.2i-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mutt-1.4.2i-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mutt-1.4.2i-i486-1.tgz
MD5 SIGNATURES:
+-------------+
Slackware 8.1 package:
6250fb75363a53d2286721c48d621698 mutt-1.4.2i-i386-1.tgz
Slackware 9.0 package:
47baa04aa5a84862e682cac9232b9c91 mutt-1.4.2i-i386-1.tgz
Slackware 9.1 package:
86a9330a2e9a0dcc9e34fce1ec6365e1 mutt-1.4.2i-i486-1.tgz
Slackware -current package:
e3e397cba66b0c278d74dc31cec3c96d mutt-1.4.2i-i486-1.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
Upgrade the mutt package with upgradepkg:
# upgradepkg mutt-1.4.2i-i486-1.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAK83NakRjwEAQIjMRAtiPAJ4qgDsw9YHNKFRLnLzXBi6zbDWK5wCghLvc
ledTWcnWqPvPVogQMb5JNFo=
=36nK
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists