Security update for mutt SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3826-1 Final 1 1 2023-09-27T16:59:47Z current 2023-09-27T16:59:47Z 2023-09-27T16:59:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mutt This update for mutt fixes the following issues: - CVE-2023-4874: Fixed NULL pointer dereference when composing an email (bsc#1215189). - CVE-2023-4875: Fixed NULL pointer dereference when receiving an email (bsc#1215191). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3826,SUSE-SLE-Module-Basesystem-15-SP4-2023-3826,SUSE-SLE-Module-Basesystem-15-SP5-2023-3826,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3826,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3826,openSUSE-SLE-15.4-2023-3826,openSUSE-SLE-15.5-2023-3826 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233826-1/ Link for SUSE-SU-2023:3826-1 https://lists.suse.com/pipermail/sle-updates/2023-September/031739.html E-Mail link for SUSE-SU-2023:3826-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215189 SUSE Bug 1215189 https://bugzilla.suse.com/1215191 SUSE Bug 1215191 https://www.suse.com/security/cve/CVE-2023-4874/ SUSE CVE CVE-2023-4874 page https://www.suse.com/security/cve/CVE-2023-4875/ SUSE CVE CVE-2023-4875 page SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.4 openSUSE Leap 15.5 mutt-1.10.1-150000.3.26.1 mutt-doc-1.10.1-150000.3.26.1 mutt-lang-1.10.1-150000.3.26.1 mutt-1.10.1-150000.3.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mutt-doc-1.10.1-150000.3.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mutt-lang-1.10.1-150000.3.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 mutt-1.10.1-150000.3.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 mutt-doc-1.10.1-150000.3.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 mutt-lang-1.10.1-150000.3.26.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 mutt-1.10.1-150000.3.26.1 as a component of SUSE Manager Proxy 4.2 mutt-doc-1.10.1-150000.3.26.1 as a component of SUSE Manager Proxy 4.2 mutt-lang-1.10.1-150000.3.26.1 as a component of SUSE Manager Proxy 4.2 mutt-1.10.1-150000.3.26.1 as a component of SUSE Manager Server 4.2 mutt-doc-1.10.1-150000.3.26.1 as a component of SUSE Manager Server 4.2 mutt-lang-1.10.1-150000.3.26.1 as a component of SUSE Manager Server 4.2 mutt-1.10.1-150000.3.26.1 as a component of openSUSE Leap 15.4 mutt-doc-1.10.1-150000.3.26.1 as a component of openSUSE Leap 15.4 mutt-lang-1.10.1-150000.3.26.1 as a component of openSUSE Leap 15.4 mutt-1.10.1-150000.3.26.1 as a component of openSUSE Leap 15.5 mutt-doc-1.10.1-150000.3.26.1 as a component of openSUSE Leap 15.5 mutt-lang-1.10.1-150000.3.26.1 as a component of openSUSE Leap 15.5 Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 CVE-2023-4874 SUSE Linux Enterprise Module for Basesystem 15 SP4:mutt-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:mutt-doc-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:mutt-lang-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:mutt-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:mutt-doc-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:mutt-lang-1.10.1-150000.3.26.1 SUSE Manager Proxy 4.2:mutt-1.10.1-150000.3.26.1 SUSE Manager Proxy 4.2:mutt-doc-1.10.1-150000.3.26.1 SUSE Manager Proxy 4.2:mutt-lang-1.10.1-150000.3.26.1 SUSE Manager Server 4.2:mutt-1.10.1-150000.3.26.1 SUSE Manager Server 4.2:mutt-doc-1.10.1-150000.3.26.1 SUSE Manager Server 4.2:mutt-lang-1.10.1-150000.3.26.1 openSUSE Leap 15.4:mutt-1.10.1-150000.3.26.1 openSUSE Leap 15.4:mutt-doc-1.10.1-150000.3.26.1 openSUSE Leap 15.4:mutt-lang-1.10.1-150000.3.26.1 openSUSE Leap 15.5:mutt-1.10.1-150000.3.26.1 openSUSE Leap 15.5:mutt-doc-1.10.1-150000.3.26.1 openSUSE Leap 15.5:mutt-lang-1.10.1-150000.3.26.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233826-1/ https://www.suse.com/security/cve/CVE-2023-4874.html CVE-2023-4874 https://bugzilla.suse.com/1215189 SUSE Bug 1215189 Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 CVE-2023-4875 SUSE Linux Enterprise Module for Basesystem 15 SP4:mutt-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:mutt-doc-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP4:mutt-lang-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:mutt-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:mutt-doc-1.10.1-150000.3.26.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:mutt-lang-1.10.1-150000.3.26.1 SUSE Manager Proxy 4.2:mutt-1.10.1-150000.3.26.1 SUSE Manager Proxy 4.2:mutt-doc-1.10.1-150000.3.26.1 SUSE Manager Proxy 4.2:mutt-lang-1.10.1-150000.3.26.1 SUSE Manager Server 4.2:mutt-1.10.1-150000.3.26.1 SUSE Manager Server 4.2:mutt-doc-1.10.1-150000.3.26.1 SUSE Manager Server 4.2:mutt-lang-1.10.1-150000.3.26.1 openSUSE Leap 15.4:mutt-1.10.1-150000.3.26.1 openSUSE Leap 15.4:mutt-doc-1.10.1-150000.3.26.1 openSUSE Leap 15.4:mutt-lang-1.10.1-150000.3.26.1 openSUSE Leap 15.5:mutt-1.10.1-150000.3.26.1 openSUSE Leap 15.5:mutt-doc-1.10.1-150000.3.26.1 openSUSE Leap 15.5:mutt-lang-1.10.1-150000.3.26.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233826-1/ https://www.suse.com/security/cve/CVE-2023-4875.html CVE-2023-4875 https://bugzilla.suse.com/1215191 SUSE Bug 1215191