Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] mutt remote exploit patched
Date: Mon, 7 Jan 2002 14:20:05 -0800 (PST)

An exploitable overflow has been found in the address handling code of the
mutt mail client version 1.2.5i supplied with Slackware 8.0.  A new
mutt-1.2.5.1 has been released which addresses this problem, and packages
are now available for Slackware 8.0 and -current.

We urge all Slackware users to upgrade to this new version of mutt as soon
as possible.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated mutt package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/mutt.tgz

Updated mutt package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/mutt-1.2.5.1/packages/mutt-1.2.5.1-i386-1.tgz


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:

Slackware 8.0:
3172435c584b0cb22ede37b7fafc25c6  mutt.tgz

Slackware -current:
3172435c584b0cb22ede37b7fafc25c6  mutt-1.2.5.1-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Simply upgrade (or install) as root:

   # upgradepkg mutt.tgz

or
  
   # installpkg mutt.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


Slackware™ is a trademark of Patrick Volkerding.