drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in Mutt
| Name: |
Mangelnde Eingabeprüfung in Mutt |
|
| ID: |
USN-4403-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 12.04 ESM, Ubuntu 18.04 LTS, Ubuntu 19.10, Ubuntu 20.04 LTS |
|
| Datum: |
Mi, 24. Juni 2020, 23:22 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954 |
|
| Applikationen: |
mutt |
|
Originalnachricht |
--===============5383967636282481342==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="M9NhX3UHpAaciwkO"
Content-Disposition: inline
--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-4403-1
June 24, 2020
mutt vulnerability and regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 12.04 ESM
Summary:
Mutt could be made to enable MITM attacks if it received a specially crafted
request.
Software Description:
- mutt: text-based mailreader supporting MIME, GPG, PGP and threading
Details:
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to enable MITM attacks.
(CVE-2020-14954)
This update also address a regression caused in the last update USN-4401-1.
It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 19.10.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
mutt 1.13.2-1ubuntu0.2
Ubuntu 19.10:
mutt 1.10.1-2.1ubuntu0.2
Ubuntu 18.04 LTS:
mutt 1.9.4-3ubuntu0.3
Ubuntu 16.04 LTS:
mutt 1.5.24-1ubuntu0.4
Ubuntu 12.04 ESM:
mutt 1.5.21-5ubuntu2.5
After a standard system update you need to restart mutt to make
all the necessary changes.
References:
https://usn.ubuntu.com/4403-1
CVE-2020-14954, https://launchpad.net/bugs/1884588
Package Information:
https://launchpad.net/ubuntu/+source/mutt/1.13.2-1ubuntu0.2
https://launchpad.net/ubuntu/+source/mutt/1.10.1-2.1ubuntu0.2
https://launchpad.net/ubuntu/+source/mutt/1.9.4-3ubuntu0.3
https://launchpad.net/ubuntu/+source/mutt/1.5.24-1ubuntu0.4
--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7zmikACgkQRbznW4QL
H2njfxAAjTRxqpH/sX3V1QxLEZu7px3j9R88afBIm9u7RBGKiVSKcOT6tjs08Bl3
UhpOkXyV7lQWQMaQllsDegDOrCFiOhd/J51fRB0cOFumndDGHu2b8B6YZNspFwz9
CZGCxKE+frT6BEsrIjzBg7Gk0GlkBbeUO9XC/X3QyRuzaGTKmRRw9qjPaQ8vvuog
adjzJDT1NFNVGdaQ1c1egC7D4W9jZ4HCNArQybpykDSMExdvYNRVNMRO7BB74dpF
nEM/e+wpadKZyAMMqRE9byyO7eMtYAvGN3xLW904H7yjQCgzcPd4Fmm+TgGXBRZl
Rt52AYHXeg7sBi3i/6fLN9x3BvoQaf8WGJyIywBawsZJHTJTiIp/5HAzc3Tt/f8k
yFafKFnSiH77Hbl46Q/Z7fKNPIawBVLclG5iTL3qivGHUT80guFIN2PA+GB/xLIr
4ZufyygkuLW0td70KXmwMs6w3S4Rd3QWkgHQwRljeYjpTQA+0P0aUw/zCXgwF0xp
vSCCFzCCOmJe62vWPJEpXuxnPYIr3629Il/5Guv1RFZaiqHDDE0Q+c7gwxF4h1Iw
9/KtLhqV6tFY8lOONXdchyN2BKEZBemaOPr1e84oIxbRQ7+Dw40uzIhC9Wc+/37B
26AkquVW/eBe6fxZq8JoqRNDkfjoGUZbjaiuJ5+XEtv2l21jMVY=
=f6E5
-----END PGP SIGNATURE-----
--M9NhX3UHpAaciwkO--
--===============5383967636282481342==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|
