-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                buffer overflow in mutt
Advisory number:        CSSA-1999:031.0.txt
Issue date:             1999 October, 15
Cross reference:
______________________________________________________________________________


1. Problem Description

   A buffer overflow has been discovered in the way mutt handles
   MIME messages of type text/enriched.

   By sending a specially composed mail message to some user,
   an attacker can execute commands under the account of the user
   reading the mail message.

2. Vulnerable Versions

   Systems : up to COL 2.3
   Packages: previous to mutt-0.95.6-2.i386.rpm

3. Solutions

   Workaround: not known

   The proper solution is to upgrade to the latest packages

   rpm -U mutt-0.95.6-2.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -U mutt-0.95.6-2.i386.rpm

6. Verification

   7e0db93e92316eb42432c0a7fd16b414  RPMS/mutt-0.95.6-2.i386.rpm
   974b46cf1c3b285e2d0107f276d952d6  SRPMS/mutt-0.95.6-2.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 5189

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQCVAwUBOAcui+n+9R4958LpAQFshQQAjPXLVsyxmAUD+2IBdC9YBOlruA5r7QrJ
+oQphRfIBs8RuLo54wllhw87UJL1o4wB1eXuslGWuKLuWXtjWCM0BJLI21+iSTpt
/jo6neq5GzivmSqn8dx7oheevp42dLrAQkX79cC5bunVAFxpDgD5jVY/mML2LS0T
kOEUA2bVmYw=
=GEXD
-----END PGP SIGNATURE-----
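
Added example, not part of the Caldera advisory: a shell helper that checks downloaded packages against the MD5 values in section 6 and runs the `rpm -U` step from section 5 only when every listed file matches. The function names are hypothetical, `md5sum` from GNU coreutils is assumed, and the check is only as trustworthy as the advisory text the values are copied from.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# The two checksum lines exactly as listed in "6. Verification".
advisory_manifest() {
    cat <<'EOF'
7e0db93e92316eb42432c0a7fd16b414  RPMS/mutt-0.95.6-2.i386.rpm
974b46cf1c3b285e2d0107f276d952d6  SRPMS/mutt-0.95.6-2.src.rpm
EOF
}

# verify_manifest MANIFEST DIR
# MANIFEST lines use the advisory's form: "<md5>  <relative path>".
# Returns 0 only if every listed file exists under DIR and matches.
verify_manifest() {
    manifest=$1 dir=$2 rc=0 seen=0
    while read -r want path; do
        [ -n "$want" ] || continue            # skip blank lines
        seen=1
        file=$dir/$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path" >&2; rc=1; continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $got)" >&2; rc=1
        fi
    done < "$manifest"
    [ "$seen" -eq 1 ] || rc=1                 # an empty manifest verifies nothing
    return $rc
}

# safe_upgrade MANIFEST DIR PACKAGE
# Runs rpm -U on DIR/PACKAGE only after the whole manifest verifies.
safe_upgrade() {
    verify_manifest "$1" "$2" || { echo "refusing to install $3" >&2; return 1; }
    rpm -U "$2/$3"
}
```

Typical use, from the directory holding the downloaded `RPMS/` and `SRPMS/` trees: `advisory_manifest > sums.txt`, then `safe_upgrade sums.txt . RPMS/mutt-0.95.6-2.i386.rpm`.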