-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-19
- - ---------------------------------------------------------------------
PACKAGE : mutt
SUMMARY : buffer overflow
DATE : 2003-03-22 18:19 UTC
EXPLOIT : local
VERSIONS AFFECTED : <1.4.1
FIXED VERSION : >=1.4.1
CVE : CAN-2003-0140
- - ---------------------------------------------------------------------
- From advisory:
"By controlling a malicious IMAP server and providing a specially�
crafted folder, an attacker can crash the mail reader and possibly�
force execution of arbitrary commands on the vulnerable system�with
the privileges of the user running Mutt."
Read the full advisory at:
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-mail/mutt upgrade to mutt-1.4.1 as follows:
emerge sync
emerge mutt
emerge clean
- - ---------------------------------------------------------------------
[EMAIL PROTECTED] - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+fKkyfT7nyhUpoZMRAkw6AKCmyIFHKpT4dpk4eafeuVw9M1zFZQCeI48z
7dK4rjkZJCsYlIk5Yk5Fd/c=
=acwA
-----END PGP SIGNATURE-----
