Mutt UTF-7 Internationalized Remote Folder Buffer Overrun Vulnerability

Threat level definition

Mutt UTF-7 Internationalized Remote Folder Buffer Overrun Vulnerability

Solution:
Conectiva has released an additional advisory CLA-2003:635 that contains fixes to address this issue in Balsa.

Users are advised to upgrade to version 1.4.1 (stable). The patched unstable version is 1.5.4.

OpenPKG has made fixed versions available, and released advisory OpenPKG-SA-2003.025 to address this issue.

Slackware has released fixes for this issue. Users are advised to upgrade to mutt-1.4.1i.

Gentoo Linux has addressed this issue in advisory 200303-19. Affected users have been advised to issue the following commands to upgrade the vulnerable package:

emerge sync
emerge mutt
emerge clean

Red Hat Linux has released an advisory (RHSA-2003:109-03). Information about obtaining and applying fixes are available in the referenced advisory.

Conectiva has released advisory CLA-2003:626 to address this issue. An additional advisory has been released (CLA-2003:630) which contains fixes which address this issue in Balsa.

Gentoo Linux has released a new advisory. Users who have installed net-mail/balsa are advised to upgrade to balsa-2.0.10 by issuing the following commands:

emerge sync
emerge balsa
emerge clean

Red Hat has also released an advisory (RHSA-2003:111-08) which contains upgrade details for Enterprise distributions, which are available through the Red Hat Network.

GNOME Balsa 1.2.4

Conectiva balsa-1.2.4-2U80_1cl.i386.rpm
Conectiva 8
ftp://atualizacoes.conectiva.com.br/8/RPMS/balsa-1.2.4-2U80_1cl.i386.r pm

Conectiva balsa-help-1.2.4-2U80_1cl.i386.rpm
Conectiva 8
ftp://atualizacoes.conectiva.com.br/8/RPMS/balsa-help-1.2.4-2U80_1cl.i 386.rpm

Conectiva balsa-2.0.9-29086U90_1cl.i386.rpm
Conectiva 9
ftp://atualizacoes.conectiva.com.br/9/RPMS/balsa-2.0.9-29086U90_1cl.i3 86.rpm

Conectiva balsa-help-2.0.9-29086U90_1cl.i386.rpm
Conectiva 9
ftp://atualizacoes.conectiva.com.br/9/RPMS/balsa-help-2.0.9-29086U90_1 cl.i386.rpm

Sun balsa-1.2.4-7.7.2.i386.rpm
ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM S/balsa-1.2.4-7.7.2.i386.rpm

Mutt Mutt 1.3.12

Mutt mutt-1.4.1i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.4.1i.tar.gz

SuSE mutt-1.3.12i-15.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/mutt-1.3.12i-15.alpha.rp m

SuSE mutt-1.3.12i-16.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/mutt-1.3.12i-16.ppc.rpm

SuSE mutt-1.3.12i-69.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/mutt-1.3.12i-69.i386.rp m

Mutt Mutt 1.3.16

Mutt mutt-1.4.1i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.4.1i.tar.gz

SuSE mutt-1.3.16i-92.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/mutt-1.3.16i-92.i386.rp m

Mutt Mutt 1.3.17

Conectiva mutt-1.3.17-8U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mutt-1.3.17-8U70_2cl.i386 .rpm

Mutt mutt-1.4.1i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.4.1i.tar.gz

Mutt Mutt 1.3.22

Mutt mutt-1.4.1i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.4.1i.tar.gz

SuSE mutt-1.3.22.1i-124.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/mutt-1.3.22.1i-124.ppc.r pm

SuSE mutt-1.3.22.1i-170.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/mutt-1.3.22.1i-170.i386 .rpm

SuSE mutt-1.3.22.1i-39.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/mutt-1.3.22.1i-39.spar c.rpm

Mutt Mutt 1.3.24

Mutt mutt-1.4.1i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.4.1i.tar.gz

Mutt Mutt 1.3.25

Conectiva mutt-1.3.25-2U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mutt-1.3.25-2U80_1cl.i386.r pm

Mutt mutt-1.4.1i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.4.1i.tar.gz

Mutt Mutt 1.3.27

SuSE mutt-1.3.27i-77.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/mutt-1.3.27i-77.i386.pa tch.rpm

SuSE mutt-1.3.27i-77.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/mutt-1.3.27i-77.i386.rp m

Mutt Mutt 1.3.28

Debian mutt-utf8_1.3.28-2.1_alpha.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_alpha.deb

Debian mutt-utf8_1.3.28-2.1_arm.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_arm.deb

Debian mutt-utf8_1.3.28-2.1_hppa.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_hppa.deb

Debian mutt-utf8_1.3.28-2.1_i386.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_i386.deb

Debian mutt-utf8_1.3.28-2.1_ia64.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_ia64.deb

Debian mutt-utf8_1.3.28-2.1_m68k.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_m68k.deb

Debian mutt-utf8_1.3.28-2.1_mips.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_mips.deb

Debian mutt-utf8_1.3.28-2.1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_mipsel.deb

Debian mutt-utf8_1.3.28-2.1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_powerpc.deb

Debian mutt-utf8_1.3.28-2.1_s390.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_s390.deb

Debian mutt-utf8_1.3.28-2.1_sparc.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2 .1_sparc.deb

Debian mutt_1.3.28-2.1_alpha.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_al pha.deb

Debian mutt_1.3.28-2.1_arm.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_ar m.deb

Debian mutt_1.3.28-2.1_hppa.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_hp pa.deb

Debian mutt_1.3.28-2.1_i386.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_i3 86.deb

Debian mutt_1.3.28-2.1_ia64.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_ia 64.deb

Debian mutt_1.3.28-2.1_m68k.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_m6 8k.deb

Debian mutt_1.3.28-2.1_mips.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_mi ps.deb

Debian mutt_1.3.28-2.1_mipsel.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_mi psel.deb

Debian mutt_1.3.28-2.1_powerpc.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_po werpc.deb

Debian mutt_1.3.28-2.1_s390.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_s3 90.deb

Debian mutt_1.3.28-2.1_sparc.deb
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_sp arc.deb

MandrakeSoft mutt-1.3.28i-1.2mdk.i586.rpm
Mandrake Linux 8.2
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft mutt-1.3.28i-1.2mdk.ppc.rpm
Mandrake Linux 8.2/PPC
http://www.mandrakesecure.net/en/ftp.php

Mutt Mutt 1.4 .0

MandrakeSoft mutt-1.4.1i-1.1mdk.i586.rpm
Mandrake Linux 9.0
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft mutt-1.4.1i-1.1mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft mutt-1.4.1i-1.1mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Mutt mutt-1.4.1i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.4.1i.tar.gz

OpenPKG mutt-1.4.1i-20030320.src.rpm
ftp://ftp.openpkg.org/current/SRC/mutt-1.4.1i-20030320.src.rpm

OpenPKG mutt-1.4i-1.1.1.src.rpm
ftp://ftp.openpkg.org/release/1.1/UPD/mutt-1.4i-1.1.1.src.rpm

OpenPKG mutt-1.4i-1.2.1.src.rpm
ftp://ftp.openpkg.org/release/1.2/UPD/mutt-1.4i-1.2.1.src.rpm

Slackware mutt-1.4.1i-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/m utt-1.4.1i-i386-1.tgz

Slackware mutt-1.4.1i-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/m utt-1.4.1i-i386-1.tgz

SuSE mutt-1.4i-216.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mutt-1.4i-216.i58 6.patch.rpm

SuSE mutt-1.4i-216.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mutt-1.4i-216.i58 6.rpm

Mutt Mutt 1.5.3

Mutt mutt-1.5.4i.tar.gz
ftp://ftp.mutt.org/mutt/mutt-1.5.4i.tar.gz

Privacy Statement
Copyright 2008, SecurityFocus