
Security Advisory Moderate: mutt security update

Advisory: RHSA-2011:0959-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-07-19
Last updated on: 2011-07-19
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-1429

Details

An updated mutt package that fixes one security issue is now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mutt is a text-mode mail user agent.

A flaw was found in the way Mutt verified SSL certificates. When a server
presented an SSL certificate chain, Mutt could ignore a server hostname
check failure. A remote attacker able to get a certificate from a trusted
Certificate Authority could use this flaw to trick Mutt into accepting a
certificate issued for a different hostname, and perform man-in-the-middle
attacks against Mutt's SSL connections. (CVE-2011-1429)
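
An added illustration, not Mutt's code or Red Hat's patch: a simplified C model of how a hostname failure on the leaf certificate can be lost while walking a chain, next to a corrected check. The struct, function names and sample hostnames are hypothetical, and signature validation is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <strings.h>

/* Constructed model of a certificate; signature checking is omitted. */
struct cert {
    const char *host;   /* name the certificate was issued for, NULL for a CA */
    bool trusted;       /* true if this certificate is a local trust anchor */
};

static bool host_matches(const struct cert *leaf, const char *want)
{
    return leaf->host != NULL && strcasecmp(leaf->host, want) == 0;
}

/* Flawed pattern: each certificate is judged on its own and the first one
 * that passes ends the walk, so the leaf's hostname failure is forgotten. */
bool verify_flawed(const struct cert *chain, size_t n, const char *want)
{
    for (size_t i = 0; i < n; i++) {
        if (i == 0 && !host_matches(&chain[i], want))
            continue;               /* mismatch is not recorded anywhere */
        if (chain[i].trusted)
            return true;
    }
    return false;
}

/* Corrected pattern: a leaf hostname mismatch is fatal before any trust decision. */
bool verify_fixed(const struct cert *chain, size_t n, const char *want)
{
    if (n == 0 || !host_matches(&chain[0], want))
        return false;
    for (size_t i = 0; i < n; i++)
        if (chain[i].trusted)
            return true;
    return false;
}

/* Constructed samples: wrong-name leaf under a trusted CA, right-name leaf, lone cert. */
const struct cert WRONG_NAME[] = { { "other.example", false }, { NULL, true } };
const struct cert RIGHT_NAME[] = { { "mail.example", false }, { NULL, true } };
const struct cert LONE_WRONG[] = { { "other.example", true } };

int main(void)
{
    /* Exit status 0 means the corrected check rejected the mismatching chain. */
    return verify_fixed(WRONG_NAME, 2, "mail.example") ? 1 : 0;
}
```

In this model the lone mismatching certificate is rejected by both functions; only the multi-certificate chain slips past the flawed walk, which is the condition the advisory describes.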

All Mutt users should upgrade to this updated package, which contains a
backported patch to correct this issue. All running instances of Mutt must
be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm
File outdated by: RHSA-2014:0304

IA-32:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
File outdated by: RHSA-2014:0304

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm
File outdated by: RHSA-2014:0304

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm
File outdated by: RHSA-2014:0304

IA-32:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
File outdated by: RHSA-2014:0304

PPC:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm
File outdated by: RHSA-2014:0304

s390x:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm
File outdated by: RHSA-2014:0304

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm
File outdated by: RHSA-2014:0304

IA-32:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm

PPC:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.ppc64.rpm

s390x:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.s390x.rpm

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.src.rpm
File outdated by: RHSA-2014:0304

IA-32:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.i686.rpm
File outdated by: RHSA-2014:0304

x86_64:
mutt-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
mutt-debuginfo-1.5.20-2.20091214hg736b6a.el6_1.1.x86_64.rpm
File outdated by: RHSA-2014:0304
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

688755 - CVE-2011-1429 mutt: SSL host name check may be skipped when verifying certificate chain


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/