GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Jan 27, 2021 1:26 am Post subject: [ GLSA 202101-32 ] Mutt, NeoMutt |
 |
|
Gentoo Linux Security Advisory
Title: Mutt, NeoMutt: Information disclosure (GLSA 202101-32)
Severity: normal
Exploitable: remote
Date: 2021-01-26
Bug(s): #755833, #755866
ID: 202101-32
Synopsis
A weakness was discovered in Mutt and NeoMutt's TLS handshake
handling
Background
Mutt is a small but very powerful text-based mail client.NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt
with added features.
Affected Packages
Package: mail-client/mutt
Vulnerable: < 2.0.2
Unaffected: >= 2.0.2
Architectures: All supported architectures
Package: mail-client/neomutt
Vulnerable: < 20201120
Unaffected: >= 20201120
Architectures: All supported architectures
Description
A weakness in TLS handshake handling was found which may allow
information disclosure.
Impact
A remote attacker may be able to cause information disclosure.
Workaround
There is no known workaround at this time.
Resolution
All Mutt users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mutt-2.0.2"
|
All NeoMutt users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/neomutt-20201120"
|
References
CVE-2020-28896 |
|
News & Announcements
