Slackware alert: Mutt buffer overflow in IMAP support

Posted by dave on Mar 29, 2003 2:56 PM EDT
Mailing list
Mail this story
Print this story

The mutt mail client packages in Slackware 8.1 and 9.0 have been upgraded to mutt-1.4.1i to fix a security problem discovered by Core Security Technologies. This issue may allow a remote attacker controlling a malicious IMAP server to execute code on your machine as the user running mutt if you connect to the IMAP server using mutt.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Mutt buffer overflow in IMAP support

The mutt mail client packages in Slackware 8.1 and 9.0 have been upgraded to mutt-1.4.1i to fix a security problem discovered by Core Security Technologies. This issue may allow a remote attacker controlling a malicious IMAP server to execute code on your machine as the user running mutt if you connect to the IMAP server using mutt.

All sites running mutt are advised to upgrade.

More information on the problem can be found here:

http://www.coresecurity.com/common/showdoc.php?idx=310&i...

Here are the details from the Slackware 9.0 ChangeLog: +--------------------------+ Sat Mar 29 13:46:36 PST 2003 patches/packages/mutt-1.4.1i-i386-1.tgz: Upgraded to mutt-1.4.1i. From http://www.mutt.org: Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. These releases both fix a buffer overflow identified by Core Security Technologies. The only differences between 1.4 and 1.4.1 are bug fixes. If you are currently using 1.4, it's probably a very good idea to update. (* Security fix *) +--------------------------+



WHERE TO FIND THE NEW PACKAGES: +-----------------------------+

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mutt-1.4.1i-i386-1.tgz

Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mutt-1.4.1i-i386-1.tgz



MD5 SIGNATURES: +-------------+

Here are the md5sums for the packages:

Slackware 8.1 package: e39aa947e54ffe27b44f7f5a8c7d3eed mutt-1.4.1i-i386-1.tgz

Slackware 9.0 package: cde2991aaa4d41fb82a983555b347e64 mutt-1.4.1i-i386-1.tgz



INSTALLATION INSTRUCTIONS: +------------------------+

Upgrade mutt using upgradepkg (as root):

upgradepkg mutt-1.4.1i-i386-1.tgz



+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+hjGEakRjwEAQIjMRAsNTAJ0WkrYLCjcQdH7RSBUEsXhz+hqGhACfVT6E 80yDdyVULB+E+EBbbe79egs= =32Dh -----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.