1. Ubuntu Security Notices
  2. USN-2440-1

USN-2440-1: Mutt vulnerability

Publication date

11 December 2014

Overview

The mutt mail client could be made to crash if it opened a specially crafted email.

Releases

Packages

  • mutt - text-based mailreader supporting MIME, GPG, PGP and threading

Details

Jakub Wilk discovered that the write_one_header function in mutt
did not properly handle newline characters at the beginning of a
header. An attacker could specially craft an email to cause mutt to
crash, resulting in a denial of service.

Jakub Wilk discovered that the write_one_header function in mutt
did not properly handle newline characters at the beginning of a
header. An attacker could specially craft an email to cause mutt to
crash, resulting in a denial of service.

Update instructions

After a standard system update you need to restart any running instances of mutt to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
14.10 utopic mutt –  1.5.23-1.1ubuntu0.2
mutt-patched –  1.5.23-1.1ubuntu0.2
14.04 trusty mutt –  1.5.21-6.4ubuntu2.1
mutt-patched –  1.5.21-6.4ubuntu2.1
12.04 precise mutt –  1.5.21-5ubuntu2.2
mutt-patched –  1.5.21-5ubuntu2.2
10.04 lucid mutt –  1.5.20-7ubuntu1.3
mutt-patched –  1.5.20-7ubuntu1.3

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›