[slackware-security]  Mutt buffer overflow in IMAP support

The mutt mail client packages in Slackware 8.1 and 9.0 have been
upgraded to mutt-1.4.1i to fix a security problem discovered by
Core Security Technologies.  This issue may allow a remote
attacker controlling a malicious IMAP server to execute code on
your machine as the user running mutt if you connect to the IMAP
server using mutt.

All sites running mutt are advised to upgrade.

More information on the problem can be found here:
 
 

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Sat Mar 29 13:46:36 PST 2003
patches/packages/mutt-1.4.1i-i386-1.tgz:  Upgraded to mutt-1.4.1i.
  From www.mutt.org:
    Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. These
    releases both fix a buffer overflow identified by Core Security
    Technologies. The only differences between 1.4 and 1.4.1 are bug
    fixes. If you are currently using 1.4, it's probably a very good
    idea to update.
  (* Security fix *)
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1: 
 

Updated package for Slackware 9.0: 
 



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 package:
e39aa947e54ffe27b44f7f5a8c7d3eed  mutt-1.4.1i-i386-1.tgz

Slackware 9.0 package:
cde2991aaa4d41fb82a983555b347e64  mutt-1.4.1i-i386-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade mutt using upgradepkg (as root):

upgradepkg mutt-1.4.1i-i386-1.tgz



+-----+

Slackware Linux Security Team 
slackware
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

Slackware: Mutt buffer overflow vulnerability

March 30, 2003
This issue may allow a remoteattacker controlling a malicious IMAP server to execute code onyour machine as the user running mutt if you connect to the IMAPserver using mutt.

Summary

Here are the details from the Slackware 9.0 ChangeLog: Sat Mar 29 13:46:36 PST 2003 patches/packages/mutt-1.4.1i-i386-1.tgz: Upgraded to mutt-1.4.1i. From www.mutt.org: Mutt 1.4.1 and 1.5.4 were released on March 19, 2003. These releases both fix a buffer overflow identified by Core Security Technologies. The only differences between 1.4 and 1.4.1 are bug fixes. If you are currently using 1.4, it's probably a very good idea to update. (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated package for Slackware 8.1: Updated package for Slackware 9.0: MD5 SIGNATURES: Here are the md5sums for the packages: Slackware 8.1 package: e39aa947e54ffe27b44f7f5a8c7d3eed mutt-1.4.1i-i386-1.tgz Slackware 9.0 package: cde2991aaa4d41fb82a983555b347e64 mutt-1.4.1i-i386-1.tgz INSTALLATION INSTRUCTIONS: Upgrade mutt using upgradepkg (as root): upgradepkg mutt-1.4.1i-i386-1.tgz Slackware Linux Security Team slackware security@slackware.com | HO...

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] Mutt buffer overflow in IMAP support
The mutt mail client packages in Slackware 8.1 and 9.0 have been upgraded to mutt-1.4.1i to fix a security problem discovered by Core Security Technologies. This issue may allow a remote attacker controlling a malicious IMAP server to execute code on your machine as the user running mutt if you connect to the IMAP server using mutt.
All sites running mutt are advised to upgrade.
More information on the problem can be found here:

Installation Instructions

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved