Security: Denial of Service in mutt
Name: Denial of Service in mutt
ID: USN-2440-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10
Date: Fri, 12 December 2014, 07:41
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
Applications: mutt

Original message

==========================================================================
Ubuntu Security Notice USN-2440-1
December 11, 2014

mutt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

The mutt mail client could be made to crash if it opened a specially
crafted email.

Software Description:
- mutt: text-based mailreader supporting MIME, GPG, PGP and threading

Details:

Jakub Wilk discovered that the write_one_header function in mutt
did not properly handle newline characters at the beginning of a
header. An attacker could specially craft an email to cause mutt to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
mutt 1.5.23-1.1ubuntu0.2
mutt-patched 1.5.23-1.1ubuntu0.2

Ubuntu 14.04 LTS:
mutt 1.5.21-6.4ubuntu2.1
mutt-patched 1.5.21-6.4ubuntu2.1

Ubuntu 12.04 LTS:
mutt 1.5.21-5ubuntu2.2
mutt-patched 1.5.21-5ubuntu2.2

Ubuntu 10.04 LTS:
mutt 1.5.20-7ubuntu1.3
mutt-patched 1.5.20-7ubuntu1.3

After a standard system update you need to restart any running
instances of mutt to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2440-1
CVE-2014-9116

Package Information:
https://launchpad.net/ubuntu/+source/mutt/1.5.23-1.1ubuntu0.2
https://launchpad.net/ubuntu/+source/mutt/1.5.21-6.4ubuntu2.1
https://launchpad.net/ubuntu/+source/mutt/1.5.21-5ubuntu2.2
https://launchpad.net/ubuntu/+source/mutt/1.5.20-7ubuntu1.3
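
The update instructions above can be checked against an inventory with the following added example, which is not part of the original notice. It compares an installed mutt version with the fixed version for each release using Debian's version ordering (epoch, upstream, revision, with "~" sorting first), reimplemented here rather than calling dpkg. The names FIXED, deb_key and is_patched are hypothetical, and the sample inventory is constructed.

```python
import re

# Fixed package versions per Ubuntu release, copied from USN-2440-1
# (mutt and mutt-patched share the same version string).
FIXED = {
    "14.10": "1.5.23-1.1ubuntu0.2",
    "14.04": "1.5.21-6.4ubuntu2.1",
    "12.04": "1.5.21-5ubuntu2.2",
    "10.04": "1.5.20-7ubuntu1.3",
}
SENTINEL = ([0], 0)  # end of string: sorts after "~", before any other text

def _order(ch):
    """Weight of one character in a non-digit run (Debian ordering)."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _key(part):
    """Sortable key for an upstream-version or revision string."""
    key = [([_order(c) for c in text] + [0], int(num or 0))
           for text, num in re.findall(r"([^0-9]*)([0-9]*)", part)]
    while key and key[-1] == SENTINEL:  # normalise "" and "0" to the same key
        key.pop()
    return key + [SENTINEL]

def deb_key(version):
    """Split [epoch:]upstream[-revision] and build a comparable key."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return (int(epoch), _key(upstream), _key(revision))

def is_patched(release, installed):
    """True if `installed` is at or above the USN-2440-1 fix for `release`."""
    return deb_key(installed) >= deb_key(FIXED[release])

if __name__ == "__main__":
    # Constructed sample inventory: (release, installed version)
    for rel, ver in [("14.04", "1.5.21-6.4ubuntu2"),
                     ("12.04", "1.5.21-5ubuntu2.10")]:
        print(rel, ver, "patched" if is_patched(rel, ver) else "VULNERABLE")
```

On a host, the installed version can be read with `dpkg-query -W -f='${Version}' mutt`; a plain string comparison would wrongly rank "ubuntu2.10" below "ubuntu2.2", which is why the numeric runs are compared as integers.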
