News

=========================================================== Ubuntu Security Notice USN-307-1 June 28, 2006 mutt vulnerability http://secunia.com/advisories/20810 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: mutt 1.5.6-20040907+2ubuntu0.1 Ubuntu 5.10: mutt 1.5.9-2ubuntu1.1 Ubuntu 6.06 LTS: mutt 1.5.11-3ubuntu2.1 After a standard system upgrade you need to restart mutt to effect the necessary changes. Details follow: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If an user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user.