[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060628124444.GA5374@piware.de>
Date: Wed, 28 Jun 2006 14:44:44 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-307-1] mutt vulnerability
===========================================================
Ubuntu Security Notice USN-307-1 June 28, 2006
mutt vulnerability
http://secunia.com/advisories/20810
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
mutt 1.5.6-20040907+2ubuntu0.1
Ubuntu 5.10:
mutt 1.5.9-2ubuntu1.1
Ubuntu 6.06 LTS:
mutt 1.5.11-3ubuntu2.1
After a standard system upgrade you need to restart mutt to effect the
necessary changes.
Details follow:
TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not
sufficiently check the validity of namespace strings. If an user
connects to a malicious IMAP server, that server could exploit this to
crash mutt or even execute arbitrary code with the privileges of the
mutt user.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1.diff.gz
Size/MD5: 416375 64e6905e87d3b10d59f920b24baba212
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1.dsc
Size/MD5: 794 90d6fdf6ed6ed8066217424251b5f70c
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6.orig.tar.gz
Size/MD5: 2908273 1df09da057a96ef35c4d347779c314a9
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1_amd64.deb
Size/MD5: 710852 41183be381c5ba75a1a370e1af65b0c2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1_i386.deb
Size/MD5: 669278 03cc903858ad0243209209ab9de628e1
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1_powerpc.deb
Size/MD5: 715092 3506f6ca75eb05c61e3842a089d0e0a0
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1.diff.gz
Size/MD5: 93197 655e867ac1e488c5ab37088a2bfb6c08
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1.dsc
Size/MD5: 781 b4b263c27a300e31e649f93fad8ebeb6
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9.orig.tar.gz
Size/MD5: 3033253 587dd1d8f44361b73b82ef64eb30c3a0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1_amd64.deb
Size/MD5: 730970 43ff1cfac57392b942729e74fa469598
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1_i386.deb
Size/MD5: 679380 a5230b99c9384aceaa5afb074369386a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1_powerpc.deb
Size/MD5: 724474 ea2ecb5f204eb66b9ecfb8de8e36e4e8
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1.diff.gz
Size/MD5: 416978 5580d195c109c523948a28b967f6f9fb
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1.dsc
Size/MD5: 751 d1b22f97bb807fb6d4f81f735b3f1a66
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11.orig.tar.gz
Size/MD5: 3187076 30f165fdfaf474521a640f1f3886069a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_amd64.deb
Size/MD5: 960128 2ce3a523e12f5e1493381f36f00cd189
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_i386.deb
Size/MD5: 907296 da20b1b549edee817d1b1c87e6d13537
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_powerpc.deb
Size/MD5: 956104 a331b93132b08dbac6bcdf5fc125e5c4
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_sparc.deb
Size/MD5: 924652 37de7b45c27daae34f8c96114cc2536b
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists