Описание
Security update for mutt
This update for mutt fixes the following issues:
- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197).
- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935).
- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
mutt-1.5.17-42.51.1
SUSE Linux Enterprise Server 11 SP4-LTSS
mutt-1.5.17-42.51.1
Ссылки
- Link for SUSE-SU-2020:14414-1
- E-Mail link for SUSE-SU-2020:14414-1
- SUSE Security Ratings
- SUSE Bug 1172906
- SUSE Bug 1172935
- SUSE Bug 1173197
- SUSE CVE CVE-2020-14093 page
- SUSE CVE CVE-2020-14154 page
- SUSE CVE CVE-2020-14954 page
Описание
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.51.1
SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.51.1
Ссылки
- CVE-2020-14093
- SUSE Bug 1172906
- SUSE Bug 1172935
Описание
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.51.1
SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.51.1
Ссылки
- CVE-2020-14154
- SUSE Bug 1172906
- SUSE Bug 1172935
Описание
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.51.1
SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.51.1
Ссылки
- CVE-2020-14954
- SUSE Bug 1173197