MGASA-2018-0447

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0447.html

Import Source

https://advisories.mageia.org/MGASA-2018-0447.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0447

Related

Published

2018-11-15T22:04:32Z

Modified

2018-11-15T21:36:42Z

Summary

Updated mutt packages fix security vulnerability

Details

It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357).

It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349).

nntpaddgroup in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage (CVE-2018-14360).

nntp.c proceeds even if memory allocation fails for messages data (CVE-2018-14361).

newsrc.c does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (CVE-2018-14363).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / mutt

Package

Name: mutt
Purl: pkg:rpm/mageia/mutt?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.1-1.1.mga6

Ecosystem specific

{
    "section": "core"
}