Advisories ยป MGASA-2018-0447

Updated mutt packages fix security vulnerability

Publication date: 15 Nov 2018
Modification date: 15 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14349 , CVE-2018-14350 , CVE-2018-14351 , CVE-2018-14352 , CVE-2018-14353 , CVE-2018-14354 , CVE-2018-14355 , CVE-2018-14356 , CVE-2018-14357 , CVE-2018-14358 , CVE-2018-14359 , CVE-2018-14360 , CVE-2018-14361 , CVE-2018-14362 , CVE-2018-14363

Description

It was discovered that Mutt incorrectly handled certain requests. An
attacker could possibly use this to execute arbitrary code (CVE-2018-14350,
CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358,
CVE-2018-14353 ,CVE-2018-14357).

It was discovered that Mutt incorrectly handled certain inputs. An attacker
could possibly use this to access or expose sensitive information
(CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362,
CVE-2018-14349).

nntp_add_group in newsrc.c has a stack-based buffer overflow because of
incorrect sscanf usage (CVE-2018-14360).

nntp.c proceeds even if memory allocation fails for messages data
(CVE-2018-14361).

newsrc.c does not properlyrestrict '/' characters that may have unsafe
interaction with cache pathnames (CVE-2018-14363).

References

SRPMS

6/core