mutt-1.5.21-28.el7
エラータID: AXSA:2018-3300:01
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.
Security Fix(es):
* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)
* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)
* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CVE-2018-14357
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
CVE-2018-14362
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
Update packages.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
N/A
SRPMS
- mutt-1.5.21-28.el7.src.rpm
MD5: c7a9e8dab0b61e9b83ffe7ae915d8302
SHA-256: 07290568bd52328970957bd0bca5e077251c5c64cebe7f0fb8222c598c01e809
Size: 3.59 MB
Asianux Server 7 for x86_64
- mutt-1.5.21-28.el7.x86_64.rpm
MD5: 1de83d9db0d218fe76bf2fa9d7822b01
SHA-256: 16b6aef8c6d07b1a2a8e7e707283aa2e3f2c0334de58895e787ac73d8595fa74
Size: 1.38 MB