Debian DSA-2874-1 : mutt - security update

medium Nessus Plugin ID 72989

Synopsis

The remote Debian host is missing a security-related update.

Description

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.

Solution

Upgrade the mutt packages.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.5.20-9+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in version 1.5.21-6.2+deb7u2.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708731

https://packages.debian.org/source/squeeze/mutt

https://packages.debian.org/source/wheezy/mutt

https://www.debian.org/security/2014/dsa-2874

Plugin Details

Severity: Medium

ID: 72989

File Name: debian_DSA-2874.nasl

Version: 1.8

Type: local

Agent: unix

Published: 3/14/2014

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mutt, cpe:/o:debian:debian_linux:6.0, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/12/2014

Reference Information

CVE: CVE-2014-0467

DSA: 2874