==========================================================================
Ubuntu Security Notice USN-4401-1
June 22, 2020
mutt vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Mutt.
Software Description:
– mutt: text-based mailreader supporting MIME, GPG, PGP and threading
Details:
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to enable MITM attacks.
(CVE-2020-14093)
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to proceeds with a connection
even if the user rejects an expired intermediate certificate.
(CVE-2020-14154)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
mutt 1.13.2-1ubuntu0.1
Ubuntu 19.10:
mutt 1.10.1-2.1ubuntu0.1
Ubuntu 18.04 LTS:
mutt 1.9.4-3ubuntu0.2
Ubuntu 16.04 LTS:
mutt 1.5.24-1ubuntu0.3
Ubuntu 12.04 ESM:
mutt 1.5.21-5ubuntu2.4
After a standard system update you need to restart mutt to make all the necessary changes.
References:
https://usn.ubuntu.com/4401-1
CVE-2020-14093, CVE-2020-14154
Package Information:
https://launchpad.net/ubuntu/+source/mutt/1.13.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/mutt/1.10.1-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/mutt/1.9.4-3ubuntu0.2
https://launchpad.net/ubuntu/+source/mutt/1.5.24-1ubuntu0.3
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7w1IEACgkQRbznW4QL
H2m3pg/7BQ5tzBAh/fFuCjGG339pLzXdizdI3pTV333RIBRWDbk4YYlGqgun43aU
moGRkoRShRHrTKMOHulkiw8T3rCjLc/Trm5DQm3hIMwnmz88Zkj5+mIKW3FxaGKL
wqWqjkdrw1sqvSb4ox2lnaVBhLhgHC3ifCstC0WaL4IJ3UwyDRlnMZ5FVBtDdoqq
KF9+PGqSDjaE0SnXRiLtEEaqEAq1t5FnUYWfFBSG3mZZOpl8NBf20ku8Kd8XkDPD
bIFw5fox8/WqKz4BtHevxFMYHjl6IhXSlw7VV17uiUFZtb8T60cBrhjOkypGGBIh
q3bWpCyG6xWBTp34S/T59Zx9AXziHhw9vXQK8iYQhutk7gjcL+x4tEPTqaooZYkF
Co6BMhZSuLxGssEKlHUB+ff2WZsxApOqGOWzvIvb4H/LDXtZMw9pgDV1Lhx0W9Jr
qWWnsaKpmTvnrvTlDJRZLiXMkNx7PHdXQCNfryFZJNYQkP+yMrI56+5GdlI8rdx4
GaMNklIlD79hqrOhbwotGNXKCSTg9y/uaafn1iLnx48mgkATIzDMv1LaixV8CRp7
w+8fuQiIXzayhkjywFUSJZrOadBSBQEsowy2S6L80qWJhht9iqAZUvLaH8tCf+tw
D7Qps346g8dwJhYubQP1A0AmqSYUEKyhjfMM8nyGKhcJ9SU9ZS0=
=Di6O
—–END PGP SIGNATURE—–
—