MDVSA-2012:048
- Package name
- mutt
- Date
- 2012-04-02
- Advisory ID
- MDVSA-2012:048
- Affected versions
- 2011 i586 , 2011 x86_64 , 2010.1 i586 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in mutt:
Mutt does not verify that the smtps server hostname matches the
domain name of the subject of an X.509 certificate, which allows
man-in-the-middle attackers to spoof an SSL SMTP server via an
arbitrary certificate, a different vulnerability than CVE-2009-3766
(CVE-2011-1429).
The updated packages have been patched to correct this issue.
Updated packages
2011 i586
4e480fec25cad2be24ed6075fec5d537 2011/i586/mutt-1.5.21-4.1-mdv2011.0.i586.rpm 6e9a9c674316eead9dfa9d29675d2f4b 2011/i586/mutt-doc-1.5.21-4.1-mdv2011.0.i586.rpm 766b9fcd4c75e05d02ea6e79e934c83c 2011/i586/mutt-utf8-1.5.21-4.1-mdv2011.0.i586.rpm a1b4841e7a8db04657563f5d68ae1cfa 2011/SRPMS/mutt-1.5.21-4.1.src.rpm
2011 x86_64
957b7b40138a92692117b58ebde4a519 2011/x86_64/mutt-1.5.21-4.1-mdv2011.0.x86_64.rpm b8ac8f86c7d140daa76099108ac093ea 2011/x86_64/mutt-doc-1.5.21-4.1-mdv2011.0.x86_64.rpm 0ba9b97a4e86a2a9212b02c0c8044d64 2011/x86_64/mutt-utf8-1.5.21-4.1-mdv2011.0.x86_64.rpm a1b4841e7a8db04657563f5d68ae1cfa 2011/SRPMS/mutt-1.5.21-4.1.src.rpm
2010.1 i586
259d3e1ff6010d627b12e7e3d811e491 2010.1/i586/mutt-1.5.20-8.1mdv2010.2.i586.rpm 94f63d3d84fe4248d16f4a62878d75d1 2010.1/i586/mutt-doc-1.5.20-8.1mdv2010.2.i586.rpm 6fc1db14e295367cc1feb77c27860496 2010.1/i586/mutt-utf8-1.5.20-8.1mdv2010.2.i586.rpm 8ddc153f85c9dcac0a15c57900ef45aa 2010.1/SRPMS/mutt-1.5.20-8.1mdv2010.2.src.rpm
2010.1 x86_64
a2d715b14e7089590e19adec9ef119e7 2010.1/x86_64/mutt-1.5.20-8.1mdv2010.2.x86_64.rpm 9af5ce5ebf4441afbe74fb3ef2181978 2010.1/x86_64/mutt-doc-1.5.20-8.1mdv2010.2.x86_64.rpm 57ad848c730d9ea21ea8f5018380e9c4 2010.1/x86_64/mutt-utf8-1.5.20-8.1mdv2010.2.x86_64.rpm 8ddc153f85c9dcac0a15c57900ef45aa 2010.1/SRPMS/mutt-1.5.20-8.1mdv2010.2.src.rpm