Thursday, October 19, 2023

[USN-6374-2] Mutt vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEE2WgtvmwmcgaEBLlnCAvK1QvD6SAFAmUxZUIFAwAAAAAACgkQCAvK1QvD6SBv
9w//a9l6JkmYxfjfuKlmz03TB2FN1cPxhz1WrK2TBlBgdGwscuKLs2hx8tMFpPc+LZ1hHZX6MYrG
GkzjiYDxl7uF5vFOeuqkG9Ir30QGEk/7a48YdVsuYiDHdwW/owr/mrZZbrhQa3qXFh0hbSawCH4n
KnEimAU45OOOvCVbQ2lxkuhbbFgfiy+HGY3uOyMSpZiIz7V8yDzPjtyfHRb07yJb6KzgaV2TCkiL
R8GhdWwTfp+XxsDSA5bMBZM80lb8NxBE+6bVs3MdpznXzKN8fwk5c0BdJfHLGL/ivmMFbcnN0Xa9
D1VfVDLAg7z73Jh6HVZkjhjFncKSRJkZNZynD0AyW4zdfCdNUXDYh40X2Ohu3DTwzJGMLnEl+rs3
RY4fi3Gf7wGnwbwL7X1MbqAYkSR16PAEuvUHCpbqmz8wbRqdIrFEu1zctV1qXLYm3OxFPTEAG5kL
hnd4Q2fbNKbYQnFKmIgzT4L59liwX0Ntwvz/sa4i6lFcvli1kJSLQvgs9NP2MqtvRb8pwHm+6Qu7
9BLNjLYiy6KvkG6oYHAvmUwIB22SnaKx7XyaqzZ2494f4mzinZ7y7ucg1kBP0n81yxJ3L53fO3cr
5SL4/DlFoxPF5T3q/5ooyHbL24qneuMPX9co1GiW+fEkdlziyRPn3Wfm8thoemDzGt8h6Ag+/ZQq
v3c=
=0ry8
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6374-2
October 19, 2023

mutt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Mutt could be made to crash if it received specially crafted
input.

Software Description:
- mutt: text-based mailreader supporting MIME, GPG, PGP and threading

Details:

USN-6374-1 fixed vulnerabilities in Mutt. This update provides the
corresponding updates for Ubuntu 23.10.

Original advisory details:

 It was discovered that Mutt incorrectly handled certain email header
 contents. If a user were tricked into opening a specially crafted message,
 a remote attacker could possibly use this issue to cause a denial of
 service. (CVE-2023-4874, CVE-2023-4875)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  mutt                            2.2.9-1ubuntu0.23.10.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6374-2
  https://ubuntu.com/security/notices/USN-6374-1
  CVE-2023-4874, CVE-2023-4875

Package Information:
  https://launchpad.net/ubuntu/+source/mutt/2.2.9-1ubuntu0.23.10.1

No comments:

Post a Comment