Advisories

Mandriva Advisories

Package name	mutt
Date	October 27th, 2006
Advisory ID	MDKSA-2006:190
Affected versions	CS3.0, 2006.0, 2007.0
Synopsis	Updated mutt packages fix multiple vulnerabilities

Problem Description

A race condition in the safe_open function in the Mutt mail client
1.5.12 and earlier, when creating temporary files in an NFS filesystem,
allows local users to overwrite arbitrary files due to limitations of
the use of the O_EXCL flag on NFS filesystems. (CVE-2006-5297)

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier
does not properly verify that temporary files have been created with
restricted permissions, which might allow local users to create files
with weak permissions via a race condition between the mktemp and
safe_fopen function calls. (CVE-2006-5298)

Updated packages have been patched to correct these issues.

Updated Packages

Corporate Server 3.0

 2a9c81d26ccc33ea0044052e35ba88ec  corporate/3.0/i586/mutt-1.5.5.1i-2.2.C30mdk.i586.rpm
 3777210099ca87e13417169d286e558c  corporate/3.0/i586/mutt-utf8-1.5.5.1i-2.2.C30mdk.i586.rpm 
 f3653a6b8156847e3d860638f70c12a6  corporate/3.0/SRPMS/mutt-1.5.5.1i-2.2.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 231d08a551dd833ce142ebcddd56778d  corporate/3.0/x86_64/mutt-1.5.5.1i-2.2.C30mdk.x86_64.rpm
 7a6a1046541dce5468360c0fdee6564e  corporate/3.0/x86_64/mutt-utf8-1.5.5.1i-2.2.C30mdk.x86_64.rpm 
 f3653a6b8156847e3d860638f70c12a6  corporate/3.0/SRPMS/mutt-1.5.5.1i-2.2.C30mdk.src.rpm

Mandriva Linux 2006

 261e9e3555851ba4cc334f3bb06267d7  2006.0/i586/mutt-1.5.9i-9.2.20060mdk.i586.rpm
 b313483f29ba39476e78cea797408eac  2006.0/i586/mutt-utf8-1.5.9i-9.2.20060mdk.i586.rpm 
 47d904f3fc3a0fa6bdaf85bf5fb94672  2006.0/SRPMS/mutt-1.5.9i-9.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 122a0f95939a3d4595e1d319bf009bfb  2006.0/x86_64/mutt-1.5.9i-9.2.20060mdk.x86_64.rpm
 e51bb69c94c99c4e8c449d4ca0380468  2006.0/x86_64/mutt-utf8-1.5.9i-9.2.20060mdk.x86_64.rpm 
 47d904f3fc3a0fa6bdaf85bf5fb94672  2006.0/SRPMS/mutt-1.5.9i-9.2.20060mdk.src.rpm

Mandriva Linux 2007

 be6f583809fb4508ddc48022aba020fe  2007.0/i586/mutt-1.5.11-5.1mdv2007.0.i586.rpm
 d85e2389a6d1ff9823506355821cd276  2007.0/i586/mutt-utf8-1.5.11-5.1mdv2007.0.i586.rpm 
 b7254bd46750dcb9a5e5aac131bb9a2a  2007.0/SRPMS/mutt-1.5.11-5.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 affd060afcfedfedc233cf83b4df3f38  2007.0/x86_64/mutt-1.5.11-5.1mdv2007.0.x86_64.rpm
 5c13b34493cbb85dff800bfc2fabfd8a  2007.0/x86_64/mutt-utf8-1.5.11-5.1mdv2007.0.x86_64.rpm 
 b7254bd46750dcb9a5e5aac131bb9a2a  2007.0/SRPMS/mutt-1.5.11-5.1mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5298

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer