Описание
Security update for mutt
This update for mutt fixes the following issues:
- CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197).
- CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935).
- CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935).
Список пакетов
HPE Helion OpenStack 8
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-EC2-HVM
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-GCE
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-GCE-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-OCI-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP5-Azure-SAP-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP5-Azure-SAP-On-Demand
mutt-1.10.1-55.11.1
Image SLES12-SP5-EC2-SAP-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP5-EC2-SAP-On-Demand
mutt-1.10.1-55.11.1
Image SLES12-SP5-GCE-SAP-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP5-GCE-SAP-On-Demand
mutt-1.10.1-55.11.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
mutt-1.10.1-55.11.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
mutt-1.10.1-55.11.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
mutt-1.10.1-55.11.1
SUSE Enterprise Storage 5
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12 SP2-BCL
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12 SP2-LTSS
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12 SP3-BCL
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12 SP3-LTSS
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12 SP4
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12 SP5
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
mutt-1.10.1-55.11.1
SUSE OpenStack Cloud 7
mutt-1.10.1-55.11.1
SUSE OpenStack Cloud 8
mutt-1.10.1-55.11.1
SUSE OpenStack Cloud Crowbar 8
mutt-1.10.1-55.11.1
Ссылки
- Link for SUSE-SU-2020:1794-1
- E-Mail link for SUSE-SU-2020:1794-1
- SUSE Security Ratings
- SUSE Bug 1172906
- SUSE Bug 1172935
- SUSE Bug 1173197
- SUSE CVE CVE-2020-14093 page
- SUSE CVE CVE-2020-14154 page
- SUSE CVE CVE-2020-14954 page
Описание
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
Затронутые продукты
HPE Helion OpenStack 8:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-BYOS:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:mutt-1.10.1-55.11.1
Ссылки
- CVE-2020-14093
- SUSE Bug 1172906
- SUSE Bug 1172935
Описание
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Затронутые продукты
HPE Helion OpenStack 8:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-BYOS:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:mutt-1.10.1-55.11.1
Ссылки
- CVE-2020-14154
- SUSE Bug 1172906
- SUSE Bug 1172935
Описание
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Затронутые продукты
HPE Helion OpenStack 8:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-BYOS:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:mutt-1.10.1-55.11.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:mutt-1.10.1-55.11.1
Ссылки
- CVE-2020-14954
- SUSE Bug 1173197