Slackware alert: mutt security update

Posted by dave on Feb 12, 2004 12:08 PM EDT
Mailing list
Mail this story
Print this story

New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise. All sites using mutt should upgrade to the new mutt package.

Mutt is a text-based program for reading electronic mail.

New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise. All sites using mutt should upgrade to the new mutt package.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078

Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Thu Feb 12 10:00:37 PST 2004 patches/packages/mutt-1.4.2i-i486-1.tgz: Upgraded to mutt-1.4.2i. This fixes an overflow that is a potential security hole. Here's the information from http://www.mutt.org: "Mutt 1.4.2 was released on February 11, 2004. This version fixes a buffer overflow that can be triggered by incoming messages. There are reports about spam that has actually triggered this problem and crashed mutt. It is recommended that users of mutt versions prior to 1.4.2 upgrade to this version, or apply the patch included below." (* Security fix *) +--------------------------+

WHERE TO FIND THE NEW PACKAGE: +-----------------------------+

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mutt-1.4.2i-i386-1.tgz

Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mutt-1.4.2i-i386-1.tgz

Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mutt-1.4.2i-i486-1.tgz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mutt-1.4.2i-i486-1.tgz

MD5 SIGNATURES: +-------------+

Slackware 8.1 package: 6250fb75363a53d2286721c48d621698 mutt-1.4.2i-i386-1.tgz

Slackware 9.0 package: 47baa04aa5a84862e682cac9232b9c91 mutt-1.4.2i-i386-1.tgz

Slackware 9.1 package: 86a9330a2e9a0dcc9e34fce1ec6365e1 mutt-1.4.2i-i486-1.tgz

Slackware -current package: e3e397cba66b0c278d74dc31cec3c96d mutt-1.4.2i-i486-1.tgz

INSTALLATION INSTRUCTIONS: +------------------------+

Upgrade the mutt package with upgradepkg:

# upgradepkg mutt-1.4.2i-i486-1.tgz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key [E-mail:security@slackware.com]

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to [E-mail:majordomo@slackware.com] with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+



  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.