LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Warn: mutt
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-12-2004, 08:46 PM   #1
Joey.Dale
Member
 
Registered: Jun 2003
Location: Tampa, Fl
Distribution: Gentoo, Slackware
Posts: 828

Rep: Reputation: 39
Warn: mutt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mutt security update (SSA:2004-043-01)

Mutt is a text-based program for reading electronic mail.

New mutt packages are available for Slackware 8.1, 9.0, 9.1,
and -current. These have been upgraded to version 1.4.2i to
fix a buffer overflow that could lead to a machine compromise.
All sites using mutt should upgrade to the new mutt package.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0078


Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Thu Feb 12 10:00:37 PST 2004
patches/packages/mutt-1.4.2i-i486-1.tgz: Upgraded to mutt-1.4.2i.
This fixes an overflow that is a potential security hole. Here's the
information from www.mutt.org:
"Mutt 1.4.2 was released on February 11, 2004. This version fixes a buffer
overflow that can be triggered by incoming messages. There are reports
about spam that has actually triggered this problem and crashed mutt. It
is recommended that users of mutt versions prior to 1.4.2 upgrade to this
version, or apply the patch included below."
(* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackwar....2i-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackwar....2i-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackwar....2i-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar....2i-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
6250fb75363a53d2286721c48d621698 mutt-1.4.2i-i386-1.tgz

Slackware 9.0 package:
47baa04aa5a84862e682cac9232b9c91 mutt-1.4.2i-i386-1.tgz

Slackware 9.1 package:
86a9330a2e9a0dcc9e34fce1ec6365e1 mutt-1.4.2i-i486-1.tgz

Slackware -current package:
e3e397cba66b0c278d74dc31cec3c96d mutt-1.4.2i-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade the mutt package with upgradepkg:

# upgradepkg mutt-1.4.2i-i486-1.tgz


+-----+

Slackware Linux Security Team
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN: rsync Joey.Dale Linux - Security 1 10-12-2004 11:10 PM
WARN: sox Joey.Dale Linux - Security 1 08-11-2004 06:02 AM
WARN: libpng Joey.Dale Linux - Security 0 08-10-2004 05:59 AM
Warn: Xfree86 Joey.Dale Linux - Security 2 02-14-2004 02:34 AM
Warn: Gaim Joey.Dale Linux - Security 1 01-26-2004 10:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:13 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration