drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in mutt
Name: |
Denial of Service in mutt |
|
ID: |
USN-2440-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
|
Datum: |
Fr, 12. Dezember 2014, 07:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116 |
|
Applikationen: |
mutt |
|
Originalnachricht |
--===============5266779698656612136== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Qxx1br4bt0+wmkIi" Content-Disposition: inline
--Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-2440-1 December 11, 2014
mutt vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
The mutt mail client could be made to crash if it opened a specially crafted email.
Software Description: - mutt: text-based mailreader supporting MIME, GPG, PGP and threading
Details:
Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: mutt 1.5.23-1.1ubuntu0.2 mutt-patched 1.5.23-1.1ubuntu0.2
Ubuntu 14.04 LTS: mutt 1.5.21-6.4ubuntu2.1 mutt-patched 1.5.21-6.4ubuntu2.1
Ubuntu 12.04 LTS: mutt 1.5.21-5ubuntu2.2 mutt-patched 1.5.21-5ubuntu2.2
Ubuntu 10.04 LTS: mutt 1.5.20-7ubuntu1.3 mutt-patched 1.5.20-7ubuntu1.3
After a standard system update you need to restart any running instances of mutt to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2440-1 CVE-2014-9116
Package Information: https://launchpad.net/ubuntu/+source/mutt/1.5.23-1.1ubuntu0.2 https://launchpad.net/ubuntu/+source/mutt/1.5.21-6.4ubuntu2.1 https://launchpad.net/ubuntu/+source/mutt/1.5.21-5ubuntu2.2 https://launchpad.net/ubuntu/+source/mutt/1.5.20-7ubuntu1.3
--Qxx1br4bt0+wmkIi Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUigRSAAoJEC8Jno0AXoH0xtQP/jxsKtiUCvcvoF7ytOH/bgiN wAcCj5cvTvwHZMAIWir/ja7PQ8Cz9tV+iwPrcYBo4tf3S8NbUoiR+tlRYOdNHe4i COkPjjmE62lMgvusckO/4vQJQ3UNULLUWldJ+rZT8WVzUZHcXKKqYY+jMwHUuYlv bfseyPpABeJhHeKbLUrBPnI3EnIhLMVUPFnACazxKLeBV69IfIXeaT5dAwblQUdL 76qmA1kBvOEVxgJywc6SpDBlVOHldA/OZjtr5cxI996InK/nBVZKU0XS+HQWk88t 5bHNowT3vQALTS23700fwJYZmQk7ZWrFHPl16SCH77QzApoB09oDAs306/yQ69uL t4XcOgLLpQmvznaYGfjPTAhe4HglT2OWZxmbcys9ctt8Ig5Lp6i6oC04th9out9d eNrFGcbvPcdJNPnMGKGg2GZwgD2JTtuqD80iZAaVnr9Rlb5WhM2axeHn2/vsVqgp Y6csODrR2AGubNqSyko5UICAlvNmlQf0FGZnNyps2BlG2EnO/n9+SGRvR09a3G3n aDjIPDQ43E4aA9eRxyJUPiPvAwtw4iLZVdscVqKq2RMydK/zzkg54gL/EX/GnIC0 sNLK/BdUjpCt86cuUBIyETNoyh+3uFFGkHfUnrQTeKbDy7omSL0r0bRbo1lJw2bU 5WKkAuwhGswyUMe3rPA2 =I23G -----END PGP SIGNATURE-----
--Qxx1br4bt0+wmkIi--
--===============5266779698656612136== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5266779698656612136==--
|
|
|
|