Ubuntu Security Notice USN-307-1
28th June, 2006
mutt vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
- Ubuntu 5.04
Details
TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not
sufficiently check the validity of namespace strings. If an user
connects to a malicious IMAP server, that server could exploit this to
crash mutt or even execute arbitrary code with the privileges of the
mutt user.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- mutt 1.5.11-3ubuntu2.1
- Ubuntu 5.10:
- mutt 1.5.9-2ubuntu1.1
- Ubuntu 5.04:
- mutt 1.5.6-20040907+2ubuntu0.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart mutt to effect the
necessary changes.