--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-502e31a658
2018-07-31 17:09:33.504524
--------------------------------------------------------------------------------
Name : mutt
Product : Fedora 27
Version : 1.9.2
Release : 2.fc27
URL :
http://www.mutt.org
Summary : A text mode mail user agent
Description :
Mutt is a small but very powerful text-based MIME mail client. Mutt
is highly configurable, and is well suited to the mail power user with
advanced features like key bindings, keyboard macros, mail threading,
regular expression searches and a powerful pattern matching language
for selecting groups of messages.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356,
CVE-2018-14359, CVE-2018-14354, CVE-2018-14355, CVE-2018-14362, CVE-2018-14357,
CVE-2018-14350, CVE-2018-14349, CVE-2018-14351
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 19 2018 Matej Mu��ila <mmuzila(a)redhat.com> - 5:1.9.2-2
- Backport security patches from mutt-1.10.1
- Resolves: #1602082 (CVE-2018-14354, CVE-2018-14355, CVE-2018-14362)
- Resolves: #1602916 (CVE-2018-14357)
- Resolves: #1602923 (CVE-2018-14350)
- Resolves: #1602935 (CVE-2018-14349)
- Resolves: #1602954 (CVE-2018-14351)
- Resolves: CVE-2018-14358, CVE-2018-14352, CVE-2018-14353, CVE-2018-14356,
CVE-2018-14359
* Wed Dec 20 2017 Matej Mu��ila <mmuzila(a)redhat.com> - 5:1.9.2-1
- Upgrade to 1.9.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1602915 - CVE-2018-14357 mutt: Remote Code Execution via backquote
characters
https://bugzilla.redhat.com/show_bug.cgi?id=1602915
[ 2 ] Bug #1604084 - CVE-2018-14359 mutt: buffer overflow via base64 data
https://bugzilla.redhat.com/show_bug.cgi?id=1604084
[ 3 ] Bug #1604064 - CVE-2018-14358 mutt: stack-based buffer overflow in imap/message.c
https://bugzilla.redhat.com/show_bug.cgi?id=1604064
[ 4 ] Bug #1604047 - CVE-2018-14356 mutt: mishandles a zero-length UID in pop.c
https://bugzilla.redhat.com/show_bug.cgi?id=1604047
[ 5 ] Bug #1604040 - CVE-2018-14353 mutt: integer underflow in imap/util.c
https://bugzilla.redhat.com/show_bug.cgi?id=1604040
[ 6 ] Bug #1604034 - CVE-2018-14352 mutt: stack-based buffer overflow in imap/util.c
https://bugzilla.redhat.com/show_bug.cgi?id=1604034
[ 7 ] Bug #1602953 - CVE-2018-14351 mutt: IMAP status mailbox literal mishandled in
imap/command.c
https://bugzilla.redhat.com/show_bug.cgi?id=1602953
[ 8 ] Bug #1602934 - CVE-2018-14349 mutt: Heap Overflow in imap/command.c
https://bugzilla.redhat.com/show_bug.cgi?id=1602934
[ 9 ] Bug #1602922 - CVE-2018-14350 mutt: stack-based buffer overflow in imap/message.c
https://bugzilla.redhat.com/show_bug.cgi?id=1602922
[ 10 ] Bug #1602081 - CVE-2018-14355 mutt: IMAP header caching path traversal
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1602081
[ 11 ] Bug #1602079 - CVE-2018-14362 mutt: POP body caching path traversal
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1602079
[ 12 ] Bug #1602069 - CVE-2018-14354 mutt: Remote code injection vulnerability to an
IMAP mailbox
https://bugzilla.redhat.com/show_bug.cgi?id=1602069
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-502e31a658' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------