=========================================================== Ubuntu Security Notice USN-307-1 June 28, 2006 mutt vulnerability http://secunia.com/advisories/20810 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: mutt 1.5.6-20040907+2ubuntu0.1 Ubuntu 5.10: mutt 1.5.9-2ubuntu1.1 Ubuntu 6.06 LTS: mutt 1.5.11-3ubuntu2.1 After a standard system upgrade you need to restart mutt to effect the necessary changes. Details follow: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If an user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1.diff.gz Size/MD5: 416375 64e6905e87d3b10d59f920b24baba212 http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1.dsc Size/MD5: 794 90d6fdf6ed6ed8066217424251b5f70c http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6.orig.tar.gz Size/MD5: 2908273 1df09da057a96ef35c4d347779c314a9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1_amd64.deb Size/MD5: 710852 41183be381c5ba75a1a370e1af65b0c2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1_i386.deb Size/MD5: 669278 03cc903858ad0243209209ab9de628e1 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.6-20040907+2ubuntu0.1_powerpc.deb Size/MD5: 715092 3506f6ca75eb05c61e3842a089d0e0a0 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1.diff.gz Size/MD5: 93197 655e867ac1e488c5ab37088a2bfb6c08 http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1.dsc Size/MD5: 781 b4b263c27a300e31e649f93fad8ebeb6 http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9.orig.tar.gz Size/MD5: 3033253 587dd1d8f44361b73b82ef64eb30c3a0 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1_amd64.deb Size/MD5: 730970 43ff1cfac57392b942729e74fa469598 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1_i386.deb Size/MD5: 679380 a5230b99c9384aceaa5afb074369386a powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.1_powerpc.deb Size/MD5: 724474 ea2ecb5f204eb66b9ecfb8de8e36e4e8 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1.diff.gz Size/MD5: 416978 5580d195c109c523948a28b967f6f9fb http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1.dsc Size/MD5: 751 d1b22f97bb807fb6d4f81f735b3f1a66 http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11.orig.tar.gz Size/MD5: 3187076 30f165fdfaf474521a640f1f3886069a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_amd64.deb Size/MD5: 960128 2ce3a523e12f5e1493381f36f00cd189 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_i386.deb Size/MD5: 907296 da20b1b549edee817d1b1c87e6d13537 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_powerpc.deb Size/MD5: 956104 a331b93132b08dbac6bcdf5fc125e5c4 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.1_sparc.deb Size/MD5: 924652 37de7b45c27daae34f8c96114cc2536b
Attachment:
signature.asc
Description: Digital signature