
Test ID: 1.3.6.1.4.1.25623.1.0.852239
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for mutt (openSUSE-SU-2019:0052-1)
Summary: The remote host is missing an update for the 'mutt' package(s) announced via the openSUSE-SU-2019:0052-1 advisory.
Description: Summary:
The remote host is missing an update for the 'mutt'
package(s) announced via the openSUSE-SU-2019:0052-1 advisory.

Vulnerability Insight:
This update for mutt fixes the following issues:

Security issues fixed:

- bsc#1101428: Mutt 1.10.1 security release update.

- CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status
mailbox literal count size (bsc#1101583).

- CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer
underflow (bsc#1101581).

- CVE-2018-14362: Fix pop.c that does not forbid characters that may have
unsafe interaction with message-cache pathnames (bsc#1101567).

- CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers
via backquote characters (bsc#1101578).

- CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave
room for quote characters (bsc#1101582).

- CVE-2018-14356: Fix pop.c that mishandles a zero-length UID
(bsc#1101576).

- CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal
in a mailbox name (bsc#1101577).

- CVE-2018-14349: Fix imap/command.c that mishandles a NO response without
a message (bsc#1101589).

- CVE-2018-14350: Fix imap/message.c that has a stack-based buffer
overflow for a FETCH response with a long INTERNALDATE field
(bsc#1101588).

- CVE-2018-14363: Fix newsrc.c that does not properly restrict '/'
characters that may have unsafe interaction with cache pathnames
(bsc#1101566).

- CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).

- CVE-2018-14358: Fix imap/message.c that has a stack-based buffer
overflow for a FETCH response with a long RFC822.SIZE field (bsc#1101571).

- CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based
buffer overflow because of incorrect sscanf usage (bsc#1101569).

- CVE-2018-14357: Fix that remote IMAP servers are allowed to execute
arbitrary commands via backquote characters (bsc#1101573).

- CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails
for messages data (bsc#1101568).

Bug fixes:

- mutt reports as neomutt and incorrect version (bsc#1094717)

- No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517
(bsc#980830)

- mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)

- (neo)mutt displaying times in Zulu time (bsc#1061343)

- mutt unconditionally segfaults when displaying a message (bsc#986534)

- For openSUSE Leap 42.3, retain split of -lang and -doc (boo#1120935)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-52=1

Affected Software/OS:
mutt on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-9116
BugTraq ID: 71334
http://www.securityfocus.com/bid/71334
Debian Security Information: DSA-3083
http://www.debian.org/security/2014/dsa-3083
https://security.gentoo.org/glsa/201701-04
http://www.mandriva.com/security/advisories?name=MDVSA-2014:245
http://www.mandriva.com/security/advisories?name=MDVSA-2015:078
http://www.openwall.com/lists/oss-security/2014/11/27/9
http://www.openwall.com/lists/oss-security/2014/11/27/5
http://www.securitytracker.com/id/1031266
SuSE Security Announcement: SUSE-SU-2015:0012
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html
Copyright: Copyright (C) 2019 Greenbone Networks GmbH
