Debian has issued an advisory on November 30:
https://www.debian.org/security/2014/dsa-3083

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated mutt packages fix security vulnerability:

A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition (CVE-2014-9116).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
https://www.debian.org/security/2014/dsa-3083
========================

Updated packages in core/updates_testing:
========================
mutt-1.5.21-12.2.mga4
mutt-utf8-1.5.21-12.2.mga4
mutt-doc-1.5.21-12.2.mga4

from mutt-1.5.21-12.2.mga4.src.rpm
PoC is here on the upstream bug (hit enter once mutt starts):
http://dev.mutt.org/trac/ticket/3716

Unfortunately even with the update it still segfaults for me. Maybe we need to update to 1.5.21 and use the patch from Debian sid?

Jerome, perhaps you could have a look at this?
CC: (none) => qa-bugs
Assignee: qa-bugs => jquelin
Whiteboard: (none) => has_procedure
Created attachment 5676
Mageia SVN diff for update to 1.5.23

This is an update of Mutt to 1.5.23. Several patches have been rediffed and the latest patch for Mutt ticket #3716 has been applied.

On my own system (Cauldron/x86_64) Mutt no longer crashes with the Debian crasher.mbox PoC.
CC: (none) => thkala
Theodoros, thank you so much for this, it was very helpful! I have committed everything in SVN for Mageia 4 and Cauldron, and requested a freeze push for Cauldron. I have confirmed that it works and fixes the new CVE with a local Mageia 4 build. I will push the update to the build system once the Cauldron update is pushed.
Updated packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated mutt packages fix security vulnerability:

A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition (CVE-2014-9116).

The mutt package has been updated to version 1.5.23 and patched to fix this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
https://www.debian.org/security/2014/dsa-3083
========================

Updated packages in core/updates_testing:
========================
mutt-1.5.23-1.mga4
mutt-utf8-1.5.23-1.mga4
mutt-doc-1.5.23-1.mga4

from mutt-1.5.23-1.mga4.src.rpm
CC: qa-bugs => jquelin
Assignee: jquelin => qa-bugs
Fix verified with the update from the build system, Mageia 4 i586.
Whiteboard: has_procedure => has_procedure MGA4-32-OK
Testing on Mageia4x64 real hardware

From current packages :
---------------------
- mutt-1.5.21-12.1.mga4.x86_64
- mutt-doc-1.5.21-12.1.mga4.x86_64
- mutt-utf8-1.5.21-12.1.mga4.x86_64

Using PoC, Downloaded testfile (crasher.mbox)
$ mutt -R -f crasher.mbox -e 'set weed=no'
produced a segmentation fault.

To updated testing packages :
---------------------------
- mutt-1.5.23-1.mga4.x86_64
- mutt-doc-1.5.23-1.mga4.x86_64
- mutt-utf8-1.5.23-1.mga4.x86_64

$ mutt -R -f crasher.mbox -e 'set weed=no'
No segmentation fault

Configured mutt (with .muttrc file) : could retrieve mails from my gmail account, read, delete...

OK then
CC: (none) => olchal
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Validating. Advisory uploaded.

Please push to updates.

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0509.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED