==========================================================================
Ubuntu Security Notice USN-2440-1
December 11, 2014
mutt vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

The mutt mail client could be made to crash if it opened a specially
crafted email.

Software Description:
- mutt: text-based mailreader supporting MIME, GPG, PGP and threading

Details:

Jakub Wilk discovered that the write_one_header function in mutt
did not properly handle newline characters at the beginning of a
header. An attacker could specially craft an email to cause mutt to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  mutt 1.5.23-1.1ubuntu0.2
  mutt-patched 1.5.23-1.1ubuntu0.2

Ubuntu 14.04 LTS:
  mutt 1.5.21-6.4ubuntu2.1
  mutt-patched 1.5.21-6.4ubuntu2.1

Ubuntu 12.04 LTS:
  mutt 1.5.21-5ubuntu2.2
  mutt-patched 1.5.21-5ubuntu2.2

Ubuntu 10.04 LTS:
  mutt 1.5.20-7ubuntu1.3
  mutt-patched 1.5.20-7ubuntu1.3

After a standard system update you need to restart any running
instances of mutt to make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-2440-1
  CVE-2014-9116

Package Information:
  https://launchpad.net/ubuntu/+source/mutt/1.5.23-1.1ubuntu0.2
  https://launchpad.net/ubuntu/+source/mutt/1.5.21-6.4ubuntu2.1
  https://launchpad.net/ubuntu/+source/mutt/1.5.21-5ubuntu2.2
  https://launchpad.net/ubuntu/+source/mutt/1.5.20-7ubuntu1.3