Description
Security update for mutt
The mail reader mutt was updated to fix a security issue in displaying mail headers: a crafted e-mail could cause a heap overflow, which attackers might use to crash mutt or potentially even execute code.
Security issue references:
* CVE-2014-0467
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467>
Package list
SUSE Linux Enterprise Desktop 11 SP3
mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server 11 SP3
mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
mutt-1.5.17-42.37.1
References
- Link for SUSE-SU-2015:0758-1
- E-Mail link for SUSE-SU-2015:0758-1
- SUSE Security Ratings
- SUSE Bug 868115
- SUSE Bug 905481
- SUSE Bug 907453
- SUSE CVE CVE-2014-0467 page
- SUSE CVE CVE-2014-9116 page
Description
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server 11 SP3:mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:mutt-1.5.17-42.37.1
References
- CVE-2014-0467
- SUSE Bug 868115
Description
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server 11 SP3:mutt-1.5.17-42.37.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:mutt-1.5.17-42.37.1
References
- CVE-2014-9116
- SUSE Bug 907453