CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
86.0%
USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were
not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS.
This update corrects the oversight.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this to execute arbitrary code.
(CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359,
CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357)
It was discovered that Mutt incorrectly handled certain inputs.
An attacker could possibly use this to access or expose sensitive
information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351,
CVE-2018-14362, CVE-2018-14349)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | mutt | < 1.5.24-1ubuntu0.2 | UNKNOWN |
Ubuntu | 16.04 | noarch | mutt-dbg | < 1.5.24-1ubuntu0.2 | UNKNOWN |
Ubuntu | 16.04 | noarch | mutt-dbgsym | < 1.5.24-1ubuntu0.2 | UNKNOWN |
Ubuntu | 16.04 | noarch | mutt-patched | < 1.5.24-1ubuntu0.2 | UNKNOWN |
Ubuntu | 16.04 | noarch | mutt-patched-dbgsym | < 1.5.24-1ubuntu0.2 | UNKNOWN |
launchpad.net/bugs/1794278
ubuntu.com/security/CVE-2018-14349
ubuntu.com/security/CVE-2018-14350
ubuntu.com/security/CVE-2018-14351
ubuntu.com/security/CVE-2018-14352
ubuntu.com/security/CVE-2018-14353
ubuntu.com/security/CVE-2018-14354
ubuntu.com/security/CVE-2018-14355
ubuntu.com/security/CVE-2018-14356
ubuntu.com/security/CVE-2018-14357
ubuntu.com/security/CVE-2018-14358
ubuntu.com/security/CVE-2018-14359
ubuntu.com/security/CVE-2018-14362
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
86.0%