Package name: mutt
Date: 2007-06-04
Advisory ID: MDKSA-2007:113
Affected versions: 2007.0 x86_64, 2007.1 i586, 2007.0 i586, CS3.0 x86_64, CS3.0 i586, 2007.1 x86_64

Problem description

A flaw in the way mutt processed certain APOP authentication requests
was discovered. By sending certain responses when mutt attempted to
authenticate against an APOP server, a remote attacker could possibly
obtain certain portions of the user's authentication credentials
(CVE-2007-1558).

A flaw in how mutt handled certain characters in gecos fields could
lead to a buffer overflow. A local user able to give themselves a
carefully crafted Real Name could potentially execute arbitrary code
if a victim used mutt to expand the attacker's alias (CVE-2007-2683).

Updated packages have been patched to address these issues.

Updated packages

2007.0 x86_64

 3c26410f2cbed87435c86122095994e0  2007.0/x86_64/mutt-1.5.11-5.2mdv2007.0.x86_64.rpm
 c8a815d5f8de4cf548084bbcb0cc4957  2007.0/x86_64/mutt-utf8-1.5.11-5.2mdv2007.0.x86_64.rpm 
 cb6ce601ab9f3542afcacb09614a4ebd  2007.0/SRPMS/mutt-1.5.11-5.2mdv2007.0.src.rpm

2007.1 i586

 9c4ced2eba202a4f2670d6986ba12d4a  2007.1/i586/mutt-1.5.14-1.1mdv2007.1.i586.rpm
 f6db8984bf23a3dfb38ac0aa50fc521f  2007.1/i586/mutt-utf8-1.5.14-1.1mdv2007.1.i586.rpm 
 4d192718f3b9b508492f6e686e96c27b  2007.1/SRPMS/mutt-1.5.14-1.1mdv2007.1.src.rpm

2007.0 i586

 b43721e2b31820fd9f5812d5d2ea7709  2007.0/i586/mutt-1.5.11-5.2mdv2007.0.i586.rpm
 0a2ecfcd4950075f788a68c16e6a513d  2007.0/i586/mutt-utf8-1.5.11-5.2mdv2007.0.i586.rpm 
 cb6ce601ab9f3542afcacb09614a4ebd  2007.0/SRPMS/mutt-1.5.11-5.2mdv2007.0.src.rpm

CS3.0 x86_64

 07e8da602972a500108a15dc6e751ebd  corporate/3.0/x86_64/mutt-1.5.5.1i-2.3.C30mdk.x86_64.rpm
 3f7729407df0c9037c5514c3f9b746fe  corporate/3.0/x86_64/mutt-utf8-1.5.5.1i-2.3.C30mdk.x86_64.rpm 
 a7a4c85f414451f966598bf5ac39e86f  corporate/3.0/SRPMS/mutt-1.5.5.1i-2.3.C30mdk.src.rpm

CS3.0 i586

 04fc719b9625069d10f3d8fc8234d0e2  corporate/3.0/i586/mutt-1.5.5.1i-2.3.C30mdk.i586.rpm
 e8edc6bc6d2726c87841c26140293f3a  corporate/3.0/i586/mutt-utf8-1.5.5.1i-2.3.C30mdk.i586.rpm 
 a7a4c85f414451f966598bf5ac39e86f  corporate/3.0/SRPMS/mutt-1.5.5.1i-2.3.C30mdk.src.rpm

2007.1 x86_64

 55ddf6e16f45e7d206279c207c51725a  2007.1/x86_64/mutt-1.5.14-1.1mdv2007.1.x86_64.rpm
 980c4db7c94c05cf53329b085b0d44d8  2007.1/x86_64/mutt-utf8-1.5.14-1.1mdv2007.1.x86_64.rpm 
 4d192718f3b9b508492f6e686e96c27b  2007.1/SRPMS/mutt-1.5.14-1.1mdv2007.1.src.rpm
