[Frugalware-security] [ FSA-206 ] mutt-devel
voroskoi
noreply at frugalware.org
Fri Jun 8 10:00:06 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-206
Date: 2007-06-08
Package: mutt-devel
Vulnerable versions: <= 1.5.14-1
Unaffected versions: >= 1.5.14-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2139
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683
Description
===========
A vulnerability has been reported in mutt, which potentially can be exploited by malicious, local users to gain escalated privileges. Successful exploitation may allow execution of arbitrary code with another user's privileges, but requires that the malicious user has a specially crafted realname and exists in the target user's alias file.
Also fixes http://dev.mutt.org/trac/ticket/2846
Updated Packages
================
Check if you have mutt-devel installed:
# pacman -Q mutt-devel
If found, then you should upgrade to the latest version:
# pacman -Sy mutt-devel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iD8DBQFGaQyGZ7NElSD1VhkRAg8kAJ0auhk7YWbipGkhPdDjNKt7JPyf1QCfZW79
7WZM/F7Npbe1hHctTx6/os8=
=rSwM
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list