Packages
- mutt - text-based mailreader supporting MIME, GPG, PGP and threading
Details
It was discovered that mutt incorrectly verified the hostname in an SSL
certificate. An attacker could trick mutt into trusting a rogue SMTPS,
IMAPS, or POP3S server's certificate, which was signed by a trusted certificate
authority, to perform a machine-in-the-middle attack.
It was discovered that mutt incorrectly verified the hostname in an SSL
certificate. An attacker could trick mutt into trusting a rogue SMTPS,
IMAPS, or POP3S server's certificate, which was signed by a trusted certificate
authority, to perform a machine-in-the-middle attack.
Update instructions
After a standard system update you need to restart mutt to make all the necessary changes. Users are encouraged to verify their ~/.mutt_certificates file to ensure only trusted certificates are listed.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 11.04 natty | mutt – 1.5.21-2ubuntu3.1 | ||
| mutt-patched – 1.5.21-2ubuntu3.1 | |||
| 10.10 maverick | mutt – 1.5.20-9ubuntu2.1 | ||
| mutt-patched – 1.5.20-9ubuntu2.1 | |||
| 10.04 lucid | mutt – 1.5.20-7ubuntu1.1 | ||
| mutt-patched – 1.5.20-7ubuntu1.1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.