[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)
CVE-2018-14349: Heap Overflow in imap/command.c
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
Patch:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
Fixed In Version:
mutt 1.10.1
References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
Fixed In Version:
mutt 1.10.1
References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
Fixed In Version:
mutt 1.10.1
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
(from redmine: issue id 9128, created on 2018-07-24, closed on 2018-07-27)
- Relations:
  - copied_to #9127 (closed)
  - parent #9127 (closed)
- Changesets:
  - Revision ed115862 by Natanael Copa on 2018-07-24T15:23:25Z:
    main/mutt: security upgrade to 1.10.1
    CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
    CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
    CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
    fixes #9128