USN-307-1: mutt vulnerability
Posted on: 06/28/2006 04:12 PM

A new mutt vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-307-1 June 28, 2006
mutt vulnerability
http://secunia.com/advisories/20810
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
mutt 1.5.6-20040907+2ubuntu0.1

Ubuntu 5.10:
mutt 1.5.9-2ubuntu1.1

Ubuntu 6.06 LTS:
mutt 1.5.11-3ubuntu2.1

After a standard system upgrade you need to restart mutt to effect the
necessary changes.

Details follow:

TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not
sufficiently check the validity of namespace strings. If an user
connects to a malicious IMAP server, that server could exploit this to
crash mutt or even execute arbitrary code with the privileges of the
mutt user.


Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+=
2ubuntu0.1.diff.gz
Size/MD5: 416375 64e6905e87d3b10d59f920b24baba212
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+=
2ubuntu0.1.dsc
Size/MD5: 794 90d6fdf6ed6ed8066217424251b5f70c
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6.orig.tar.=
gz
Size/MD5: 2908273 1df09da057a96ef35c4d347779c314a9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+=
2ubuntu0.1_amd64.deb
Size/MD5: 710852 41183be381c5ba75a1a370e1af65b0c2

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+=
2ubuntu0.1_i386.deb
Size/MD5: 669278 03cc903858ad0243209209ab9de628e1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+=
2ubuntu0.1_powerpc.deb
Size/MD5: 715092 3506f6ca75eb05c61e3842a089d0e0a0

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.=
1.diff.gz
Size/MD5: 93197 655e867ac1e488c5ab37088a2bfb6c08
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.=
1.dsc
Size/MD5: 781 b4b263c27a300e31e649f93fad8ebeb6
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9.orig.tar.=
gz
Size/MD5: 3033253 587dd1d8f44361b73b82ef64eb30c3a0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.=
1_amd64.deb
Size/MD5: 730970 43ff1cfac57392b942729e74fa469598

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.=
1_i386.deb
Size/MD5: 679380 a5230b99c9384aceaa5afb074369386a

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.=
1_powerpc.deb
Size/MD5: 724474 ea2ecb5f204eb66b9ecfb8de8e36e4e8

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2=
=2E1.diff.gz
Size/MD5: 416978 5580d195c109c523948a28b967f6f9fb
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2=
=2E1.dsc
Size/MD5: 751 d1b22f97bb807fb6d4f81f735b3f1a66
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11.orig.tar=
=2Egz
Size/MD5: 3187076 30f165fdfaf474521a640f1f3886069a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2=
=2E1_amd64.deb
Size/MD5: 960128 2ce3a523e12f5e1493381f36f00cd189

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2=
=2E1_i386.deb
Size/MD5: 907296 da20b1b549edee817d1b1c87e6d13537

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2=
=2E1_powerpc.deb
Size/MD5: 956104 a331b93132b08dbac6bcdf5fc125e5c4

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2=
=2E1_sparc.deb
Size/MD5: 924652 37de7b45c27daae34f8c96114cc2536b


--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEonm8DecnbV4Fd/IRAvJkAJwJmKGvm4dkUtOuVZKaZ/sbPBGrIwCdGYja
JuFvA3u/ZmF5zmHDj6AmPzU=
=D503
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_307_1_mutt_vulnerability.html)