Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Trustix - #2002-0003

Trustix - #2002-0003

by Nikola Strahija on January 8th, 2002 Mutt in version 1.2.5i has a buffer overflow which can be used by a remote attacker gain privileges.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

---------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0003

Package name: mutt
Summary: Remote exploit
Date: 2002-01-04
Affected versions: TSL 1.2, 1.5

---------------------------------------------------------------------------

Problem description:
Mutt in version 1.2.5i has a buffer overflow which can be remotely
exploited.

Action:
We recommend that all systems with this package installed are upgraded.


Location:
All TSL updates are available from
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/


Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.

Get SWUP from:
ftp://ftp.trustix.net/pub/Trustix/software/swup/

Questions?
Check out our mailing lists:
http://www.trustix.net/support/


Verification:
This advisory along with all TSL packages are signed with the TSL sign key.
This key is available from:
http://www.trustix.net/TSL-GPG-KEY

The advisory itself is available from the errata pages at
http://www.trustix.net/errata/trustix-1.2/ and
http://www.trustix.net/errata/trustix-1.5/ or directly at
http://www.trustix.net/errata/misc/2002/TSL-2002-0003-mutt.asc.txt

MD5sums of the packages:
---------------------------------------------------------------------------
90970d1142b4bedce05bcdc7343d9ab3 ./1.5/SRPMS/mutt-1.2.5i.1-1tr.src.rpm
a0181fdebd24a64cec3ab62949a8cdc4 ./1.5/RPMS/mutt-1.2.5i.1-1tr.i586.rpm
90970d1142b4bedce05bcdc7343d9ab3 ./1.2/SRPMS/mutt-1.2.5i.1-1tr.src.rpm
6f9f499831254a56058c3957e94ca82c ./1.2/RPMS/mutt-1.2.5i.1-1tr.i586.rpm
---------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8OYnPwRTcg4BxxS0RAryDAJ9gam6A++wn36jgC7qdO1bBJA0xFwCfZr0O
/dQFuJXST2gbFe2Trlle/u0=
=zAMp
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »