- --------------------------------------------------------------------------
Debian Security Advisory DSA 274-2                     security@debian.org 
Debian -- Security Information                              Martin Schulze
April 7th, 2003                          Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : mutt
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0167

Byrial Jensen discovered a couple of off-by-one buffer overflow in the
IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,
GPG, PGP and threading.  This problem could potentially allow a remote
malicious IMAP server to cause a denial of service (crash) and
possibly execute arbitrary code via a specially crafted mail folder.

This advisory only covers the old stable distribution (potato) since
DSA 274-1 already fixed the stable distribution (woody).  For the old
stable distribution (potato) this problem has been fixed in version
1.2.5-5.2.

We recommend that you upgrade your mutt package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:

      
      Size/MD5 checksum:      590 8fb484ef4a54ae0b806136fd0c241a0b
      
      Size/MD5 checksum:    21591 c9efb077c78cfd7b8239cc96cf3ad8fd
      
      Size/MD5 checksum:  1973923 0ba5367059abdd55daceb82dce6be42f

  Alpha architecture:

      
      Size/MD5 checksum:  1130904 efa96771fd9e4d8c831b360e931e36f3

  ARM architecture:

      
      Size/MD5 checksum:  1044368 dc804baf176435e04ae30ea742777aeb

  Intel IA-32 architecture:

      
      Size/MD5 checksum:  1018660 4649d3d1b48600caacf6a4ca93f12408

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:  1001078 215b72365791489d99907b4bca2a9a7b

  PowerPC architecture:

      
      Size/MD5 checksum:  1050530 e3699e0ea5aa6f802825528929f5a529

  Sun Sparc architecture:

      
      Size/MD5 checksum:  1047240 547236f863d5094f95f36d4ea6f4accc


- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: UPDATED: mutt buffer overflow vulnerability

April 7, 2003
Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading.

Summary

Byrial Jensen discovered a couple of off-by-one buffer overflow in the
IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,
GPG, PGP and threading. This problem could potentially allow a remote
malicious IMAP server to cause a denial of service (crash) and
possibly execute arbitrary code via a specially crafted mail folder.

This advisory only covers the old stable distribution (potato) since
DSA 274-1 already fixed the stable distribution (woody). For the old
stable distribution (potato) this problem has been fixed in version
1.2.5-5.2.

We recommend that you upgrade your mutt package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources...

Read the Full Advisory

Severity
Package : mutt

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved