Mageia 2020-0448: mutt security update
Summary
Mutt before 2.0.2 did not ensure that $ssl_force_tls was processed if an IMAP
server's initial server response was invalid. The connection was not properly
closed, and the code could continue attempting to authenticate. This could
result in authentication credentials being exposed on an unencrypted
connection, or to a machine-in-the-middle (CVE-2020-28896).
References
- https://bugs.mageia.org/show_bug.cgi?id=27686
- https://ubuntu.com/security/notices/USN-4645-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896
Resolution
MGASA-2020-0448 - Updated mutt packages fix a security vulnerability
SRPMS
- 7/core/mutt-1.11.4-1.4.mga7