Mehrere Probleme in Mutt und Neomutt
ID: | 202007-57 |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Di, 28. Juli 2020, 23:26 |
Referenzen: | https://nvd.nist.gov/vuln/detail/CVE-2020-14093
https://nvd.nist.gov/vuln/detail/CVE-2020-14954 https://nvd.nist.gov/vuln/detail/CVE-2020-14154 |
Applikationen: | mutt, NeoMutt |
Originalnachricht |
|
--Apple-Mail=_C54CF6E8-85A7-457D-B1F9-400C18ADB8C4 Content-Type: multipart/alternative; boundary="Apple-Mail=_8F8B24C8-BF56-464A-AAAE-256361092805" --Apple-Mail=_8F8B24C8-BF56-464A-AAAE-25636109280 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charsetíf-8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mutt, Neomutt: Multiple vulnerabilities Date: July 28, 2020 Bugs: #728294, #728302, #728708 ID: 202007-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mutt and Neomutt, the worst of which could result in an access restriction bypass. Background ========== Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader (or MUA). Itâs a fork of Mutt with added features. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/mutt < 1.14.4 >= 1.14.4 2 mail-client/neomutt < 20200619 >= 20200619 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mutt and Neomutt. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mutt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.14.4" All Neomutt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/neomutt-20200619" References ========== [ 1 ] CVE-2020-14093 https://nvd.nist.gov/vuln/detail/CVE-2020-14093 [ 2 ] CVE-2020-14154 https://nvd.nist.gov/vuln/detail/CVE-2020-14154 [ 3 ] CVE-2020-14954 https://nvd.nist.gov/vuln/detail/CVE-2020-14954 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-57 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --Apple-MailøF8B24C8-BF56-464A-AAAE-256361092805 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8- - - = - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mutt, Neomutt: Multiple vulnerabilities Date: July 28, 2020 Bugs: #728294, #728302, #728708 ID: 202007-57 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis =3D=3D=3D=3D=3D=3D=3D=3D Multiple vulnerabilities have been found in Mutt and Neomutt, the worst of which could result in an access restriction bypass. Background =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader (or MUA). It=E2=80=99s a fork of = Mutt with added features. Affected packages =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/mutt < 1.14.4 >=3D = 1.14.4=20 2 mail-client/neomutt < 20200619 >=3D = 20200619=20 ------------------------------------------------------------------- 2 affected packages Description =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Multiple vulnerabilities have been discovered in Mutt and Neomutt. Please review the CVE identifiers referenced below for details. Impact =3D=3D=3D=3D=3D=3D Please review the referenced CVE identifiers for details. Workaround =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D There is no known workaround at this time. Resolution =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D All Mutt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=3Dmail-client/mutt-1.14.4" All Neomutt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=3Dmail-client/neomutt-20200619"= References =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D [ 1 ] CVE-2020-14093 https://nvd.nist.gov/vuln/detail/CVE-2020-14093 [ 2 ] CVE-2020-14154 https://nvd.nist.gov/vuln/detail/CVE-2020-14154 [ 3 ] CVE-2020-14954 https://nvd.nist.gov/vuln/detail/CVE-2020-14954 Availability =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-57 Concerns? =3D=3D=3D=3D=3D=3D=3D=3D=3D Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org = or alternatively, you may file a bug at https://bugs.gentoo.org. License =3D=3D=3D=3D=3D=3D=3D Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 |