Summary: | <mail-client/mutt-1.5.23-r5: heap-based buffer overflow in mutt_substrdup() (CVE-2014-9116) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | grobian, net-mail+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/11/27/5 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-11-27 10:37:37 UTC
CVE-2014-9116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9116): The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

http://dev.mutt.org/trac/changeset/0aebf1df4359

Fix should be in 1.5.23-r5

(In reply to Fabian Groffen from comment #3)
> http://dev.mutt.org/trac/changeset/0aebf1df4359
>
> Fix should be in 1.5.23-r5

Thanks! Is that version ready for stabilization?

Let me test it for a couple more days, but I don't expect major issues.

-r5 seems ok to me

Arches, please test and mark stable:
=mail-client/mutt-1.5.23-r5
Target Keywords : "alpha amd64 hppa ia64 ppc ppc64 spark x86"
Thank you!

Stable for HPPA.

x86 done

amd64 stable

ia64 stable

ppc stable

ppc64 stable

sparc stable

alpha stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Maintainer(s), Thank you for cleanup.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

Maintainer(s), Thank you for cleanup.

This issue was resolved and addressed in GLSA 201701-04 at https://security.gentoo.org/glsa/201701-04 by GLSA coordinator Thomas Deutschmann (whissi).
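The failure mode in the CVE description above, as an added C sketch that is not mutt's source and not part of this bug report: a header-value scan that treats a newline as skippable whitespace walks past the end of an empty-body header line, leaving a pointer-pair duplicate with an inverted range. The function names, the constructed sample buffer and the assumption that the scan skips newlines are illustrative; the strict scan and the range check show the defensive form.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: two header lines in one buffer; the first has an empty body. */
static const char SAMPLE[] = "X-Empty:\nSubject: hi\n";

/* Flawed scan (model, assumption): isspace() also matches '\n', so on an empty
 * body the cursor runs past the line end into the next header line.
 * Only the cursor is returned; nothing is copied here. */
const char *value_start_loose(const char *colon)
{
    const char *t = colon + 1;
    while (isspace((unsigned char)*t)) t++;
    return t;
}

/* Corrected scan: skip only SP and HTAB, and never move past `end`. */
const char *value_start_strict(const char *colon, const char *end)
{
    const char *t = colon + 1;
    while (t < end && (*t == ' ' || *t == '\t')) t++;
    return t;
}

/* Pointer-pair duplicate with an explicit range check: an inverted range would
 * make (size_t)(end - begin) wrap to a huge length, so it is refused. */
char *substrdup_checked(const char *begin, const char *end)
{
    if (begin == NULL || end == NULL || end < begin) return NULL;
    size_t len = (size_t)(end - begin);
    char *p = malloc(len + 1);
    if (p == NULL) return NULL;
    memcpy(p, begin, len);
    p[len] = '\0';
    return p;
}

/* Returns 1 if the loose scan yields begin > end for the sample's first line. */
int loose_scan_inverts_range(void)
{
    const char *end = strchr(SAMPLE, '\n');   /* end of the first header line */
    const char *colon = strchr(SAMPLE, ':');
    return value_start_loose(colon) > end;
}
```
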