Oval Definition:oval:org.opensuse.security:def:56795
Revision Date:2020-12-01Version:1
Title:Security update for mutt (Important)
Description:

This update for mutt fixes the following issues:

Security issues fixed:

- bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568).

Bug fixes:

- mutt reports as neomutt and incorrect version (bsc#1094717) - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830) - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129) - (neo)mutt displaying times in Zulu time (bsc#1061343) - mutt unconditionally segfaults when displaying a message (bsc#986534)
Family:unixClass:patch
Status:Reference(s):1011276
1025013
1025254
1030575
1031481
1031660
1039063
1039064
1039066
1039069
1039496
1039661
1052916
1061343
1063671
1064392
1066471
1066472
1086036
1094717
1100097
1101428
1101566
1101567
1101568
1101569
1101570
1101571
1101573
1101576
1101577
1101578
1101581
1101582
1101583
1101588
1101589
1103367
1120946
1149496
1172205
1173378
1173380
1174633
1174635
1174638
1175534
1176343
1176344
1176345
1176346
1176347
1176348
1176349
1176350
1176496
1176764
912607
928193
951734
951735
954429
956018
956021
956260
957105
957106
957107
957109
957110
980364
980377
980830
982129
986534
CVE-2011-2199
CVE-2013-1984
CVE-2013-1995
CVE-2013-1998
CVE-2013-7490
CVE-2014-3540
CVE-2014-9116
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7941
CVE-2015-7942
CVE-2015-8035
CVE-2015-8241
CVE-2015-8242
CVE-2015-8317
CVE-2015-8872
CVE-2016-4804
CVE-2016-9427
CVE-2017-1000364
CVE-2017-13080
CVE-2017-15649
CVE-2017-2885
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050
CVE-2018-10916
CVE-2018-12910
CVE-2018-14349
CVE-2018-14350
CVE-2018-14351
CVE-2018-14352
CVE-2018-14353
CVE-2018-14354
CVE-2018-14355
CVE-2018-14356
CVE-2018-14357
CVE-2018-14358
CVE-2018-14359
CVE-2018-14360
CVE-2018-14361
CVE-2018-14362
CVE-2018-14363
CVE-2019-20919
CVE-2019-5482
CVE-2020-0543
CVE-2020-14345
CVE-2020-14346
CVE-2020-14347
CVE-2020-14364
CVE-2020-15565
CVE-2020-15567
CVE-2020-25595
CVE-2020-25596
CVE-2020-25597
CVE-2020-25599
CVE-2020-25600
CVE-2020-25601
CVE-2020-25603
CVE-2020-25604
SUSE-SU-2016:0049-1
SUSE-SU-2016:2145-1
SUSE-SU-2016:3057-1
SUSE-SU-2017:1587-1
SUSE-SU-2017:1937-1
SUSE-SU-2017:3153-1
SUSE-SU-2018:2204-2
SUSE-SU-2019:0642-1
SUSE-SU-2019:1196-1
SUSE-SU-2019:2339-2
SUSE-SU-2020:2331-1
SUSE-SU-2020:2822-1
SUSE-SU-2020:2856-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • apparmor-abstractions-2.12-lp150.5 is installed
  • OR apparmor-docs-2.12-lp150.5 is installed
  • OR apparmor-parser-2.12-lp150.5 is installed
  • OR apparmor-parser-lang-2.12-lp150.5 is installed
  • OR apparmor-profiles-2.12-lp150.5 is installed
  • OR apparmor-utils-2.12-lp150.5 is installed
  • OR apparmor-utils-lang-2.12-lp150.5 is installed
  • OR perl-apparmor-2.12-lp150.5 is installed
  • OR python3-apparmor-2.12-lp150.5 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND transfig-3.2.6a-lp151.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND mutt-1.10.1-55.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND dosfstools-3.0.26-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_29-default-5-3 is installed
  • OR kgraft-patch-3_12_69-60_64_29-xen-5-3 is installed
  • OR kgraft-patch-SLE12-SP1_Update_12-5-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • apache-commons-beanutils-1.9.2-1 is installed
  • OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • kernel-firmware-20170530-21.22 is installed
  • OR ucode-amd-20170530-21.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • MozillaFirefox-60.4.0esr-109.55 is installed
  • OR MozillaFirefox-devel-60.4.0esr-109.55 is installed
  • OR MozillaFirefox-translations-common-60.4.0esr-109.55 is installed
  • OR libfreebl3-3.40.1-58.18 is installed
  • OR libfreebl3-32bit-3.40.1-58.18 is installed
  • OR libsoftokn3-3.40.1-58.18 is installed
  • OR libsoftokn3-32bit-3.40.1-58.18 is installed
  • OR mozilla-nspr-4.20-19.6 is installed
  • OR mozilla-nspr-32bit-4.20-19.6 is installed
  • OR mozilla-nss-3.40.1-58.18 is installed
  • OR mozilla-nss-32bit-3.40.1-58.18 is installed
  • OR mozilla-nss-certs-3.40.1-58.18 is installed
  • OR mozilla-nss-certs-32bit-3.40.1-58.18 is installed
  • OR mozilla-nss-sysinit-3.40.1-58.18 is installed
  • OR mozilla-nss-sysinit-32bit-3.40.1-58.18 is installed
  • OR mozilla-nss-tools-3.40.1-58.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_103-92_56-default-9-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_17-9-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libQt5WebKit5-5.6.2-1 is installed
  • OR libQt5WebKit5-imports-5.6.2-1 is installed
  • OR libQt5WebKitWidgets5-5.6.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • kernel-default-4.4.180-94.103 is installed
  • OR kernel-default-base-4.4.180-94.103 is installed
  • OR kernel-default-devel-4.4.180-94.103 is installed
  • OR kernel-devel-4.4.180-94.103 is installed
  • OR kernel-macros-4.4.180-94.103 is installed
  • OR kernel-source-4.4.180-94.103 is installed
  • OR kernel-syms-4.4.180-94.103 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • MozillaFirefox-68.9.0-109.123 is installed
  • OR MozillaFirefox-translations-common-68.9.0-109.123 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libshibsp-lite6-2.5.5-6.6 is installed
  • OR libshibsp6-2.5.5-6.6 is installed
  • OR shibboleth-sp-2.5.5-6.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libmysqlclient18-10.0.35-1 is installed
  • OR libmysqlclient18-32bit-10.0.35-1 is installed
  • OR mariadb-100-errormessages-10.0.35-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libsoup-2.62.2-5.7 is installed
  • OR libsoup-2_4-1-2.62.2-5.7 is installed
  • OR libsoup-2_4-1-32bit-2.62.2-5.7 is installed
  • OR libsoup-lang-2.62.2-5.7 is installed
  • OR typelib-1_0-Soup-2_4-2.62.2-5.7 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • pdns-4.1.2-3.3 is installed
  • OR pdns-backend-mysql-4.1.2-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • crowbar-core-6.0+git.1587558898.313bb9fd3-3.22 is installed
  • OR crowbar-core-branding-upstream-6.0+git.1587558898.313bb9fd3-3.22 is installed
  • OR crowbar-ha-6.0+git.1586256059.e6f67e1-3.16 is installed
  • OR crowbar-openstack-6.0+git.1587753188.da39e44a7-3.22 is installed
  • OR memcached-1.5.17-3.3 is installed
  • OR openstack-ceilometer-11.1.1~dev5-3.13 is installed
  • OR openstack-ceilometer-agent-central-11.1.1~dev5-3.13 is installed
  • OR openstack-ceilometer-agent-compute-11.1.1~dev5-3.13 is installed
  • OR openstack-ceilometer-agent-ipmi-11.1.1~dev5-3.13 is installed
  • OR openstack-ceilometer-agent-notification-11.1.1~dev5-3.13 is installed
  • OR openstack-ceilometer-polling-11.1.1~dev5-3.13 is installed
  • OR openstack-cinder-13.0.10~dev9-3.19 is installed
  • OR openstack-cinder-api-13.0.10~dev9-3.19 is installed
  • OR openstack-cinder-backup-13.0.10~dev9-3.19 is installed
  • OR openstack-cinder-scheduler-13.0.10~dev9-3.19 is installed
  • OR openstack-cinder-volume-13.0.10~dev9-3.19 is installed
  • OR openstack-designate-7.0.1~dev25-3.16 is installed
  • OR openstack-designate-agent-7.0.1~dev25-3.16 is installed
  • OR openstack-designate-api-7.0.1~dev25-3.16 is installed
  • OR openstack-designate-central-7.0.1~dev25-3.16 is installed
  • OR openstack-designate-producer-7.0.1~dev25-3.16 is installed
  • OR openstack-designate-sink-7.0.1~dev25-3.16 is installed
  • OR openstack-designate-worker-7.0.1~dev25-3.16 is installed
  • OR openstack-heat-11.0.3~dev35-3.16 is installed
  • OR openstack-heat-api-11.0.3~dev35-3.16 is installed
  • OR openstack-heat-api-cfn-11.0.3~dev35-3.16 is installed
  • OR openstack-heat-engine-11.0.3~dev35-3.16 is installed
  • OR openstack-heat-plugin-heat_docker-11.0.3~dev35-3.16 is installed
  • OR openstack-ironic-11.1.5~dev3-3.16 is installed
  • OR openstack-ironic-api-11.1.5~dev3-3.16 is installed
  • OR openstack-ironic-conductor-11.1.5~dev3-3.16 is installed
  • OR openstack-ironic-image-9.0.0-3.6 is installed
  • OR openstack-ironic-image-x86_64-9.0.0-3.6 is installed
  • OR openstack-manila-7.4.2~dev4-4.21 is installed
  • OR openstack-manila-api-7.4.2~dev4-4.21 is installed
  • OR openstack-manila-data-7.4.2~dev4-4.21 is installed
  • OR openstack-manila-scheduler-7.4.2~dev4-4.21 is installed
  • OR openstack-manila-share-7.4.2~dev4-4.21 is installed
  • OR openstack-neutron-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-dhcp-agent-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-ha-tool-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-l3-agent-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-macvtap-agent-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-metadata-agent-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-metering-agent-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.8~dev28-3.22 is installed
  • OR openstack-neutron-server-13.0.8~dev28-3.22 is installed
  • OR openstack-nova-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-api-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-cells-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-compute-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-conductor-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-console-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-novncproxy-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-placement-api-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-scheduler-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-serialproxy-18.3.1~dev17-3.22 is installed
  • OR openstack-nova-vncproxy-18.3.1~dev17-3.22 is installed
  • OR openstack-octavia-3.2.3~dev2-3.22 is installed
  • OR openstack-octavia-amphora-agent-3.2.3~dev2-3.22 is installed
  • OR openstack-octavia-amphora-image-0.1.3-7.9 is installed
  • OR openstack-octavia-amphora-image-x86_64-0.1.3-7.9 is installed
  • OR openstack-octavia-api-3.2.3~dev2-3.22 is installed
  • OR openstack-octavia-health-manager-3.2.3~dev2-3.22 is installed
  • OR openstack-octavia-housekeeping-3.2.3~dev2-3.22 is installed
  • OR openstack-octavia-worker-3.2.3~dev2-3.22 is installed
  • OR python-ceilometer-11.1.1~dev5-3.13 is installed
  • OR python-cinder-13.0.10~dev9-3.19 is installed
  • OR python-cinderclient-4.0.3-3.6 is installed
  • OR python-cinderclient-doc-4.0.3-3.6 is installed
  • OR python-designate-7.0.1~dev25-3.16 is installed
  • OR python-glanceclient-2.13.2-3.3 is installed
  • OR python-glanceclient-doc-2.13.2-3.3 is installed
  • OR python-heat-11.0.3~dev35-3.16 is installed
  • OR python-ironic-11.1.5~dev3-3.16 is installed
  • OR python-ironic-lib-2.14.3-3.6 is installed
  • OR python-ironicclient-2.5.4-4.10 is installed
  • OR python-ironicclient-doc-2.5.4-4.10 is installed
  • OR python-keystonemiddleware-5.2.2-17 is installed
  • OR python-manila-7.4.2~dev4-4.21 is installed
  • OR python-manila-tempest-plugin-0.1.0-3.6 is installed
  • OR python-neutron-13.0.8~dev28-3.22 is installed
  • OR python-nova-18.3.1~dev17-3.22 is installed
  • OR python-novaclient-11.0.1-3.3 is installed
  • OR python-novaclient-doc-11.0.1-3.3 is installed
  • OR python-octavia-3.2.3~dev2-3.22 is installed
  • OR python-octaviaclient-1.6.2-3.6 is installed
  • OR python-openstackclient-3.16.3-11 is installed
  • OR python-os-brick-2.5.10-3.9 is installed
  • OR python-os-brick-common-2.5.10-3.9 is installed
  • OR python-oslo.config-6.4.2-3.3 is installed
  • OR python-oslo.config-doc-6.4.2-3.3 is installed
  • OR python-oslo.rootwrap-5.14.2-3.3 is installed
  • OR python-oslo.utils-3.36.5-3.3 is installed
  • OR python-swiftclient-3.6.1-3.3 is installed
  • OR python-swiftclient-doc-3.6.1-3.3 is installed
  • OR python-watcherclient-2.1.1-3.3 is installed
  • OR release-notes-suse-openstack-cloud-9.20200319-3.18 is installed
  • OR ruby2.1-rubygem-crowbar-client-3.9.2-3.6 is installed
  • OR ruby2.1-rubygem-puma-2.16.0-4.6 is installed
  • OR rubygem-crowbar-client-3.9.2-3.6 is installed
  • OR rubygem-puma-2.16.0-4.6 is installed
  • OR zookeeper-3.4.13-3.3 is installed
  • OR zookeeper-server-3.4.13-3.3 is installed
    • BACK