Package name: mutt
Date: 2012-04-02
Advisory ID: MDVSA-2012:048
Affected versions: 2011 i586, 2011 x86_64, 2010.1 i586, 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in mutt:

Mutt does not verify that the smtps server hostname matches the
domain name of the subject of an X.509 certificate, which allows
man-in-the-middle attackers to spoof an SSL SMTP server via an
arbitrary certificate, a different vulnerability than CVE-2009-3766
(CVE-2011-1429).

The updated packages have been patched to correct this issue.
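
The check whose absence is described above, as an added example (not mutt's code and not the Mandriva patch): before using an SMTPS session, the client compares the host it was asked to reach against the names in the server certificate. The type struct cert_name, the function names and the sample names are assumptions made for this example; it handles DNS hostnames only and assumes the TLS library has already validated the certificate chain.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* One name taken from the certificate, as raw bytes plus length. */
struct cert_name { const char *data; size_t len; };
#define NAME(s) { s, sizeof(s) - 1 }

/* Does a single dNSName or CN value cover the requested host? */
static int name_matches(const struct cert_name *n, const char *host)
{
    const char *dot;

    if (n->len == 0 || memchr(n->data, '\0', n->len) != NULL)
        return 0;  /* embedded NUL: never treat the prefix as the name */
    if (n->len > 2 && n->data[0] == '*' && n->data[1] == '.') {
        /* "*." stands for exactly one non-empty leftmost label, and the
           remainder must itself contain a dot, so "*.org" is refused */
        dot = strchr(host, '.');
        if (dot == NULL || dot == host ||
            memchr(n->data + 2, '.', n->len - 2) == NULL)
            return 0;
        return strlen(dot) == n->len - 1 &&
               strncasecmp(n->data + 1, dot, n->len - 1) == 0;
    }
    if (memchr(n->data, '*', n->len) != NULL)
        return 0;  /* a wildcard anywhere else is not accepted */
    return strlen(host) == n->len && strncasecmp(n->data, host, n->len) == 0;
}

/* Returns 1 when the certificate may be used for `host`. The subject CN is
   consulted only if the certificate carries no dNSName entries (RFC 6125). */
int cert_matches_host(const char *host, const struct cert_name *san,
                      size_t n_san, const struct cert_name *cn)
{
    size_t i;

    if (host == NULL || *host == '\0')
        return 0;
    for (i = 0; i < n_san; i++)
        if (name_matches(&san[i], host))
            return 1;
    return n_san == 0 && cn != NULL && name_matches(cn, host);
}

/* Constructed sample names, not taken from any real certificate. */
const struct cert_name sample_san[] = {
    NAME("smtp.example.org"), NAME("*.mail.example.org") };
const struct cert_name sample_cn = NAME("smtp.example.org");
const struct cert_name nul_cn = NAME("smtp.example.org\0.attacker.example");
```

A client that skips this comparison accepts any certificate that chains to a trusted CA, whatever name it was issued for.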

Updated packages

2011 i586

 4e480fec25cad2be24ed6075fec5d537  2011/i586/mutt-1.5.21-4.1-mdv2011.0.i586.rpm
 6e9a9c674316eead9dfa9d29675d2f4b  2011/i586/mutt-doc-1.5.21-4.1-mdv2011.0.i586.rpm
 766b9fcd4c75e05d02ea6e79e934c83c  2011/i586/mutt-utf8-1.5.21-4.1-mdv2011.0.i586.rpm 
 a1b4841e7a8db04657563f5d68ae1cfa  2011/SRPMS/mutt-1.5.21-4.1.src.rpm

2011 x86_64

 957b7b40138a92692117b58ebde4a519  2011/x86_64/mutt-1.5.21-4.1-mdv2011.0.x86_64.rpm
 b8ac8f86c7d140daa76099108ac093ea  2011/x86_64/mutt-doc-1.5.21-4.1-mdv2011.0.x86_64.rpm
 0ba9b97a4e86a2a9212b02c0c8044d64  2011/x86_64/mutt-utf8-1.5.21-4.1-mdv2011.0.x86_64.rpm 
 a1b4841e7a8db04657563f5d68ae1cfa  2011/SRPMS/mutt-1.5.21-4.1.src.rpm

2010.1 i586

 259d3e1ff6010d627b12e7e3d811e491  2010.1/i586/mutt-1.5.20-8.1mdv2010.2.i586.rpm
 94f63d3d84fe4248d16f4a62878d75d1  2010.1/i586/mutt-doc-1.5.20-8.1mdv2010.2.i586.rpm
 6fc1db14e295367cc1feb77c27860496  2010.1/i586/mutt-utf8-1.5.20-8.1mdv2010.2.i586.rpm 
 8ddc153f85c9dcac0a15c57900ef45aa  2010.1/SRPMS/mutt-1.5.20-8.1mdv2010.2.src.rpm

2010.1 x86_64

 a2d715b14e7089590e19adec9ef119e7  2010.1/x86_64/mutt-1.5.20-8.1mdv2010.2.x86_64.rpm
 9af5ce5ebf4441afbe74fb3ef2181978  2010.1/x86_64/mutt-doc-1.5.20-8.1mdv2010.2.x86_64.rpm
 57ad848c730d9ea21ea8f5018380e9c4  2010.1/x86_64/mutt-utf8-1.5.20-8.1mdv2010.2.x86_64.rpm 
 8ddc153f85c9dcac0a15c57900ef45aa  2010.1/SRPMS/mutt-1.5.20-8.1mdv2010.2.src.rpm
