[SECURITY] Fedora 7 Update: mutt-1.5.14-4.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu May 31 18:07:48 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0001
None
--------------------------------------------------------------------------------

Name        : mutt
Product     : Fedora 7
Version     : 1.5.14
Release     : 4.fc7
Summary     : A text mode mail user agent
Description :
Mutt is a text-mode mail user agent. Mutt supports color, threading,
arbitrary key remapping, and a lot of customization.

You should install mutt if you have used it in the past and you prefer
it, or if you are new to mail programs and have not decided which one
you are going to use.

--------------------------------------------------------------------------------
Update Information:

This update fixes two security issues:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. (CVE-2007-1558)

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. (CVE-2007-2683)
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 31 2007 Miroslav Lichvar <mlichvar at redhat.com> 5:1.5.14-4
- validate msgid in APOP authentication (CVE-2007-1558)
- fix overflow in gecos field handling (CVE-2007-2683)
--------------------------------------------------------------------------------
References:

  CVE-2007-2683 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683
  CVE-2007-1558 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
--------------------------------------------------------------------------------
Updated packages:

0d77cc0f649490abd9f9f5647e4e2913e00159d8 mutt-1.5.14-4.fc7.ppc64.rpm
d785c471a51d451659879c46f658c0092464408b mutt-debuginfo-1.5.14-4.fc7.ppc64.rpm
89497641c382a999a84f9104dd313bf07b7e716b mutt-debuginfo-1.5.14-4.fc7.i386.rpm
001d473a42444ca1fa6199fdbff01d830553a2f5 mutt-1.5.14-4.fc7.i386.rpm
114cf3b1e8b53f083d8aa1b35f3aa2721fbdeb17 mutt-1.5.14-4.fc7.x86_64.rpm
cbf04dc13dbb231be3a364531067b1a5a826e69d mutt-debuginfo-1.5.14-4.fc7.x86_64.rpm
2726b125f4f05053507b4efee16a689b37e6dea6 mutt-1.5.14-4.fc7.ppc.rpm
616e62c1e6b402709285d54dbefc03da034fbe67 mutt-debuginfo-1.5.14-4.fc7.ppc.rpm
240746a7009d04df72e45d3b29999fc11f0a320f mutt-1.5.14-4.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list