Date: Fri, 1 Oct 1999 19:01:39 -0600 (MDT)
From: Dan Burcaw dburcaw@terraplex.com
To: marty@linuxtoday.com
The Yellow Dog Linux Security Team has just released a version
of the mutt email program that fixes a buffer overflow.
Package: mutt
Date: October 1, 1999
Problem:
A buffer overflow was dicovered in the text/enriched handler which
may be exploited by an attacker suitably-formatted email
messages.
Versions of mutt 0.95.6 and below are vulnerable. Yellow Dog
Linux Champion Server 1.0 and 1.1 ship with versions that are
effected.
Thanks to the Mutt development team for releasing an update for
this problem.
Urgency: MEDIUM
Solution:
rpm -Uvh
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/mutt-0.95-7us-1a.ppc.rpm
Users of mutt on Champion Server 1.0 or 1.1 are suggested to
upgrade to this newer version.
More information is available at:
http://www.yellowdoglinux.com/resources/errata.shml
Mailing List Notes:
This is most likely the last security advisory posted to this list.
yellowdog-security and yellowdog-devel mailing lists will be
activated this weekend. There will be less formal, “there are new
updates” type messages to yellowdog-general in the future with the
formal messages sent to yellowdog-security.
Yellow Dog Linux Security Team
security@yellowdoglinux.com