[SECURITY] Fedora 27 Update: mutt-1.9.2-2.fc27

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-502e31a658 2018-07-31 17:09:33.504524 -------------------------------------------------------------------------------- Name : mutt Product : Fedora 27 Version : 1.9.2 Release : 2.fc27 URL : http://www.mutt.org Summary : A text mode mail user agent Description : Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups of messages. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356, CVE-2018-14359, CVE-2018-14354, CVE-2018-14355, CVE-2018-14362, CVE-2018-14357, CVE-2018-14350, CVE-2018-14349, CVE-2018-14351 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 19 2018 Matej Mu��ila <mmuzila(a)redhat.com&gt; - 5:1.9.2-2 - Backport security patches from mutt-1.10.1 - Resolves: #1602082 (CVE-2018-14354, CVE-2018-14355, CVE-2018-14362) - Resolves: #1602916 (CVE-2018-14357) - Resolves: #1602923 (CVE-2018-14350) - Resolves: #1602935 (CVE-2018-14349) - Resolves: #1602954 (CVE-2018-14351) - Resolves: CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356, CVE-2018-14359 * Wed Dec 20 2017 Matej Mu��ila <mmuzila(a)redhat.com&gt; - 5:1.9.2-1 - Upgrade to 1.9.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1602915 - CVE-2018-14357 mutt: Remote Code Execution via backquote characters https://bugzilla.redhat.com/show_bug.cgi?id=1602915 [ 2 ] Bug #1604084 - CVE-2018-14359 mutt: buffer overflow via base64 data https://bugzilla.redhat.com/show_bug.cgi?id=1604084 [ 3 ] Bug #1604064 - CVE-2018-14358 mutt: stack-based buffer overflow in imap/message.c https://bugzilla.redhat.com/show_bug.cgi?id=1604064 [ 4 ] Bug #1604047 - CVE-2018-14356 mutt: mishandles a zero-length UID in pop.c https://bugzilla.redhat.com/show_bug.cgi?id=1604047 [ 5 ] Bug #1604040 - CVE-2018-14353 mutt: integer underflow in imap/util.c https://bugzilla.redhat.com/show_bug.cgi?id=1604040 [ 6 ] Bug #1604034 - CVE-2018-14352 mutt: stack-based buffer overflow in imap/util.c https://bugzilla.redhat.com/show_bug.cgi?id=1604034 [ 7 ] Bug #1602953 - CVE-2018-14351 mutt: IMAP status mailbox literal mishandled in imap/command.c https://bugzilla.redhat.com/show_bug.cgi?id=1602953 [ 8 ] Bug #1602934 - CVE-2018-14349 mutt: Heap Overflow in imap/command.c https://bugzilla.redhat.com/show_bug.cgi?id=1602934 [ 9 ] Bug #1602922 - CVE-2018-14350 mutt: stack-based buffer overflow in imap/message.c https://bugzilla.redhat.com/show_bug.cgi?id=1602922 [ 10 ] Bug #1602081 - CVE-2018-14355 mutt: IMAP header caching path traversal vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1602081 [ 11 ] Bug #1602079 - CVE-2018-14362 mutt: POP body caching path traversal vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1602079 [ 12 ] Bug #1602069 - CVE-2018-14354 mutt: Remote code injection vulnerability to an IMAP mailbox https://bugzilla.redhat.com/show_bug.cgi?id=1602069 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-502e31a658' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------