Not a user yet?
Log in Register for free Suggest a product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

USN-7204-1: NeoMutt vulnerabilities

Ubuntu ServerUbuntu Server
Canonical
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

USN-7204-1: NeoMutt vulnerabilities
15 January 2025

Several security issues were fixed in NeoMutt.

Releases
Ubuntu 24.04 LTS Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM

Packages
neomutt - command line mail reader based on Mutt, with added features

Details
Jeriko One discovered that NeoMutt incorrectly handled certain IMAP
and POP3 responses. An attacker could possibly use this issue to
cause NeoMutt to crash, resulting in a denial of service, or
the execution of arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351,
CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355,
CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359,
CVE-2018-14362)

Jeriko One discovered that NeoMutt incorrectly handled certain
NNTP-related operations. An attacker could possibly use this issue
to cause NeoMutt to crash, resulting in denial of service, or
the execution of arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-14360, CVE-2018-14361, CVE-2018-14363)

It was discovered that NeoMutt incorrectly processed additional data
when communicating with mail servers. An attacker could possibly use
this issue to access senstive information. This issue only affected
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14954, CVE-2020-28896)

It was discovered that Neomutt incorrectly handled the IMAP QRSync
setting. An attacker could possibly use this issue to cause NeoMutt
to crash, resulting in denial of service. This issue only affected
Ubuntu 20.04 LTS. (CVE-2021-32055)

Tavis Ormandy discovered that NeoMutt incorrectly parsed uuencoded
text past the length of the string. An attacker could possibly use
this issue to enable the execution of arbitrary code. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-1328)

It was discovered that NeoMutt did not properly encrypt email headers.
An attacker could possibly use this issue to receive emails that were
not intended for them and access sensitive information. This
vulnerability was only fixed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
and Ubuntu 24.04 LTS. (CVE-2024-49393, CVE-2024-49394)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

  • neomutt - 20231103+dfsg1-1ubuntu0.1~esm1
    Available with Ubuntu Pro
    Ubuntu 22.04
  • neomutt - 20211029+dfsg1-1ubuntu0.1~esm1
    Available with Ubuntu Pro
    Ubuntu 20.04
  • neomutt - 20191207+dfsg.1-1.1ubuntu0.1~esm1
    Available with Ubuntu Pro
    Ubuntu 18.04
  • neomutt - 20171215+dfsg.1-1ubuntu0.1~esm1
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

Version: 24.04 LTS Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Canonical Ubuntu Server updates

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad