mutt-1.5.20-9.20091214hg736b6a.AXS4
エラータID: AXSA:2018-3302:01
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.
Security Fix(es):
* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)
* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)
* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CVE-2018-14357
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
CVE-2018-14362
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
Update packages.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
N/A
SRPMS
- mutt-1.5.20-9.20091214hg736b6a.AXS4.src.rpm
MD5: 347c7a11dbcdb2760e55820ee845e9a2
SHA-256: df25d08c782acddcee7db620b3ec89d812d6ac2331d3cc577565536401690ac8
Size: 1.48 MB
Asianux Server 4 for x86
- mutt-1.5.20-9.20091214hg736b6a.AXS4.i686.rpm
MD5: d1b4ce5a6cfa67c8b9095856b68f0c26
SHA-256: 6557ca3c6bda178b45c48bfd4a8fedef2a7314fb47b5a5a6bca52a5ea2645b8c
Size: 1.23 MB
Asianux Server 4 for x86_64
- mutt-1.5.20-9.20091214hg736b6a.AXS4.x86_64.rpm
MD5: 3f28e6ba8b56aff98810913f25f13b06
SHA-256: 246332c1697183168cc292ac585e6b695df939ced805805482b02552064e8663
Size: 1.24 MB