SUSE-SU-2020:14551-1

Published: 30 Nov 2020
Source: suse-cvrf

Description

Security update for mutt

This update for mutt fixes the following issues:

  • CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)
  • Prevent a message with a million tiny parts from freezing the MUA for several minutes (bsc#1179113)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
mutt-1.5.17-42.56.1
SUSE Linux Enterprise Server 11 SP4-LTSS
mutt-1.5.17-42.56.1

Description

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.56.1
SUSE Linux Enterprise Server 11 SP4-LTSS:mutt-1.5.17-42.56.1
