drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in Mutt
Name: |
Mangelnde Eingabeprüfung in Mutt |
|
ID: |
USN-4403-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 12.04 ESM, Ubuntu 18.04 LTS, Ubuntu 19.10, Ubuntu 20.04 LTS |
|
Datum: |
Mi, 24. Juni 2020, 23:22 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954 |
|
Applikationen: |
mutt |
|
Originalnachricht |
--===============5383967636282481342== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="M9NhX3UHpAaciwkO" Content-Disposition: inline
--M9NhX3UHpAaciwkO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4403-1 June 24, 2020
mutt vulnerability and regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 12.04 ESM
Summary:
Mutt could be made to enable MITM attacks if it received a specially crafted request.
Software Description: - mutt: text-based mailreader supporting MIME, GPG, PGP and threading
Details:
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14954)
This update also address a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: mutt 1.13.2-1ubuntu0.2
Ubuntu 19.10: mutt 1.10.1-2.1ubuntu0.2
Ubuntu 18.04 LTS: mutt 1.9.4-3ubuntu0.3
Ubuntu 16.04 LTS: mutt 1.5.24-1ubuntu0.4
Ubuntu 12.04 ESM: mutt 1.5.21-5ubuntu2.5
After a standard system update you need to restart mutt to make all the necessary changes.
References: https://usn.ubuntu.com/4403-1 CVE-2020-14954, https://launchpad.net/bugs/1884588
Package Information: https://launchpad.net/ubuntu/+source/mutt/1.13.2-1ubuntu0.2 https://launchpad.net/ubuntu/+source/mutt/1.10.1-2.1ubuntu0.2 https://launchpad.net/ubuntu/+source/mutt/1.9.4-3ubuntu0.3 https://launchpad.net/ubuntu/+source/mutt/1.5.24-1ubuntu0.4
--M9NhX3UHpAaciwkO Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7zmikACgkQRbznW4QL H2njfxAAjTRxqpH/sX3V1QxLEZu7px3j9R88afBIm9u7RBGKiVSKcOT6tjs08Bl3 UhpOkXyV7lQWQMaQllsDegDOrCFiOhd/J51fRB0cOFumndDGHu2b8B6YZNspFwz9 CZGCxKE+frT6BEsrIjzBg7Gk0GlkBbeUO9XC/X3QyRuzaGTKmRRw9qjPaQ8vvuog adjzJDT1NFNVGdaQ1c1egC7D4W9jZ4HCNArQybpykDSMExdvYNRVNMRO7BB74dpF nEM/e+wpadKZyAMMqRE9byyO7eMtYAvGN3xLW904H7yjQCgzcPd4Fmm+TgGXBRZl Rt52AYHXeg7sBi3i/6fLN9x3BvoQaf8WGJyIywBawsZJHTJTiIp/5HAzc3Tt/f8k yFafKFnSiH77Hbl46Q/Z7fKNPIawBVLclG5iTL3qivGHUT80guFIN2PA+GB/xLIr 4ZufyygkuLW0td70KXmwMs6w3S4Rd3QWkgHQwRljeYjpTQA+0P0aUw/zCXgwF0xp vSCCFzCCOmJe62vWPJEpXuxnPYIr3629Il/5Guv1RFZaiqHDDE0Q+c7gwxF4h1Iw 9/KtLhqV6tFY8lOONXdchyN2BKEZBemaOPr1e84oIxbRQ7+Dw40uzIhC9Wc+/37B 26AkquVW/eBe6fxZq8JoqRNDkfjoGUZbjaiuJ5+XEtv2l21jMVY= =f6E5 -----END PGP SIGNATURE-----
--M9NhX3UHpAaciwkO--
--===============5383967636282481342== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|