[PLDSA 46-1] New mutt packages fix arbitrary code execution
Krzysiek Taraszka
dzimi at pld.org.pl
Sat May 3 15:45:02 CEST 2003
- --------------------------------------------------------------------------
PLD Security Advisory PLDSA 46-1 security at pld.org.pl
http://www.pld.org.pl/security/ PLD Security Team
22 March 2003 http://www.pld.org.pl/security/faq
- --------------------------------------------------------------------------
Package : prior to mutt-1.4-4
Vulnerability : buffer overflow
Problem-Type : remote
PLD-specific : no
CVE references : CAN-2003-0140
Byrial Jensen discovered a couple of off-by-one buffer overflow in the
IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,
GPG, PGP and threading. This problem could potentially allow a remote
malicious IMAP server to cause a denial of service (crash) and
possibly execute arbitrary code via a specially crafted mail folder.
The above problems have been fixed in version 1.4.1-1 for the
current stable distribution (ra).
We recommend that you upgrade your mutt packages.
wget -c url
will fetch the file for you
rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using "poldek" - the package manager, use the line as given below
for upgrade packages
poldek --update
will update the internal database
poldek --upgrade 'mutt*'
will install corrected packages
If you are using "apt" - the package manager, use the line as given below
for upgrade packages
apt-get update
will update the internal database
apt-get upgrade 'mutt*'
will install corrected packages
PLD Linux 1.0 alias ra
- --------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/mutt-1.4.1-1.src.rpm
MD5 checksum: 39807c578761d1bddfb3857efc8326cc
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mutt-1.4.1-1.i386.rpm
MD5 checksum: f2c659107cedba8e866cae417832ee19
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mutt-1.4.1-1.i586.rpm
MD5 checksum: a6f1f5461a1988875187b1a3c6acab71
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mutt-1.4.1-1.i686.rpm
MD5 checksum: 0f83100385c7bd9e6c06a509452930a3
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mutt-1.4.1-1.ppc.rpm
MD5 checksum: 3c6b9329f585c108463eb67923d2cdf2
-
--------------------------------------------------------------------------------
-
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
More information about the pld-security-announce
mailing list