Advisories » MGASA-2020-0448

Updated mutt packages fix a security vulnerability

Publication date: 05 Dec 2020
Modification date: 05 Dec 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-28896

Description

Mutt before 2.0.2 did not ensure that $ssl_force_tls was processed if an IMAP
server's initial server response was invalid. The connection was not properly
closed, and the code could continue attempting to authenticate. This could
result in authentication credentials being exposed on an unencrypted
connection, or to a machine-in-the-middle (CVE-2020-28896).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27686
• https://ubuntu.com/security/notices/USN-4645-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896

SRPMS

7/core

• mutt-1.11.4-1.4.mga7