===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0237
                           mutt security update
                              21 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mutt
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3181

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running mutt check for an updated version of the software for their
         operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2529-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 21, 2021                            https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package        : mutt
Version        : 1.7.2-1+deb9u5
CVE ID         : CVE-2021-3181
Debian Bug     : 980326

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
denial of service (mailbox unavailability) by sending email messages
with sequences of semicolon characters in RFC822 address fields
(aka terminators of empty groups). A small email message from the
attacker can cause large memory consumption, and the victim may then
be unable to see email messages from other persons.

For Debian 9 stretch, this problem has been fixed in version
1.7.2-1+deb9u5.

We recommend that you upgrade your mutt packages.

For the detailed security status of mutt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mutt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
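The DLA-2529-1 text above attributes CVE-2021-3181 to sequences of semicolons (empty-group terminators) in RFC822 address fields. The following is an added triage example, not code from AusCERT, Debian or the Mutt project: it flags stored messages whose address headers contain such runs, so they can be set aside before an unpatched client opens the mailbox. The header list, the `MAX_RUN` threshold and the sample messages are assumptions made for the example.

```python
import re
from email import message_from_bytes

# Header fields that mail clients parse as RFC 822 address lists (assumed set).
ADDRESS_HEADERS = ("from", "sender", "reply-to", "to", "cc", "bcc",
                   "resent-from", "resent-to", "resent-cc", "resent-bcc",
                   "return-path", "mail-followup-to")
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # inside a quoted-string ';' is literal
SEMI_RUN = re.compile(r';(?:\s*;)+')        # 2+ ';' separated only by whitespace
MAX_RUN = 8  # assumed alert threshold; the advisory gives no number


def longest_semicolon_run(value: str) -> int:
    """Length of the longest run of ';' outside quoted strings."""
    unfolded = re.sub(r'\r?\n[ \t]+', ' ', value)  # undo header folding
    bare = QUOTED.sub('""', unfolded)
    return max((m.group().count(';') for m in SEMI_RUN.finditer(bare)),
               default=0)


def suspicious_headers(raw: bytes, max_run: int = MAX_RUN):
    """Return [(header_name, run_length)] for address fields at/over max_run."""
    msg = message_from_bytes(raw)  # compat32 policy keeps header values raw
    hits = []
    for name, value in msg.items():
        if name.lower() in ADDRESS_HEADERS:
            run = longest_semicolon_run(str(value))
            if run >= max_run:
                hits.append((name, run))
    return hits


# Constructed sample messages (not captured traffic).
BENIGN = (b"From: Alice <alice@example.org>\r\n"
          b"To: undisclosed-recipients:;\r\n"
          b'Cc: "Doe; John" <jdoe@example.org>, team: a@example.org;\r\n'
          b"Subject: hello\r\n\r\nbody\r\n")
FLAGGED = (b"From: Mallory <m@example.net>\r\n"
           b"To: " + b";" * 12 + b"\r\n"
           b"Subject: hi\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(label, suspicious_headers(raw))
```

A single `;` closing a legitimate group such as `undisclosed-recipients:;` is never counted, because only runs of two or more terminators are measured.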