| |||||||||||||
|
| |||||||||||||
Gentoo alert 200303-19 (mutt)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-19 - - --------------------------------------------------------------------- PACKAGE : mutt SUMMARY : buffer overflow DATE : 2003-03-22 18:19 UTC EXPLOIT : local VERSIONS AFFECTED : <1.4.1 FIXED VERSION : >=1.4.1 CVE : CAN-2003-0140 - - --------------------------------------------------------------------- - From advisory: "By controlling a malicious IMAP server and providing a specially crafted folder, an attacker can crash the mail reader and possibly force execution of arbitrary commands on the vulnerable system with the privileges of the user running Mutt." Read the full advisory at: http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10 SOLUTION It is recommended that all Gentoo Linux users who are running net-mail/mutt upgrade to mutt-1.4.1 as follows: emerge sync emerge mutt emerge clean - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+fKkyfT7nyhUpoZMRAkw6AKCmyIFHKpT4dpk4eafeuVw9M1zFZQCeI48z 7dK4rjkZJCsYlIk5Yk5Fd/c= =acwA -----END PGP SIGNATURE----- (Log in to post comments)
|
|||||||||||||