Bug 1173197 - (CVE-2020-14954) VUL-0: CVE-2020-14954: mutt,neomutt: STARTTLS buffering issue allowing MITM of IMAP, SMTP and POP3
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/262068/
CVSSv3.1:SUSE:CVE-2020-14954:7.4:(AV:...
Blocks: NOSTARTTLS
Reported: 2020-06-22 06:46 UTC by Wolfgang Frisch
Modified: 2021-08-09 11:13 UTC
Found By: Security Response Team
Description Wolfgang Frisch 2020-06-22 06:46:41 UTC
CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue
that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response,
the client reads additional data (e.g., from a man-in-the-middle attacker) and
evaluates it in a TLS context, aka "response injection."

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14954
http://www.debian.org/security/-1/dsa-4707
https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc
https://github.com/neomutt/neomutt/releases/tag/20200619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954
https://gitlab.com/muttmua/mutt/-/issues/248
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html
http://www.mutt.org/
https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
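
The failure mode in the description, as an added C example that is not Mutt or NeoMutt code: a toy client whose read buffer takes in more than the STARTTLS reply, run with and without a check that the buffer is empty before the handshake. The `conn` struct, `starttls_demo` and the SMTP-style sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample traffic (SMTP-style); the second line is injected plaintext. */
static const char INJECTED[] = "220 Ready to start TLS\r\n250 AUTH PLAIN\r\n";

struct conn {
    const char *wire; /* bytes not yet read from the socket */
    char buf[256];    /* bytes read but not yet consumed by the parser */
    size_t len;
};

/* One recv(): takes everything available, which may be more than one line. */
static void fill(struct conn *c) {
    size_t n = strlen(c->wire), room = sizeof c->buf - c->len;
    if (n > room) n = room;
    memcpy(c->buf + c->len, c->wire, n);
    c->len += n; c->wire += n;
}

/* Pop one LF-terminated line from the buffer; 0 on success, -1 on error. */
static int read_line(struct conn *c, char *out, size_t outsz) {
    if (c->len == 0) fill(c);
    char *nl = memchr(c->buf, '\n', c->len);
    if (!nl) return -1;
    size_t n = (size_t)(nl - c->buf) + 1;
    if (n >= outsz) return -1;
    memcpy(out, c->buf, n);
    out[n] = '\0';
    memmove(c->buf, c->buf + n, c->len - n);
    c->len -= n;
    return 0;
}

/* -1: bad reply; -2: check rejected leftover plaintext; else stale bytes kept past the handshake. */
long starttls_demo(const char *wire, int check_buffer) {
    struct conn c = { .wire = wire, .len = 0 };
    char line[128];
    if (read_line(&c, line, sizeof line) != 0 || strncmp(line, "220", 3) != 0) return -1;
    if (check_buffer && c.len != 0) { c.len = 0; return -2; } /* discard and abort */
    /* the TLS handshake would run here; it does not touch c.buf */
    return (long)c.len; /* these bytes would be parsed as if they arrived over TLS */
}

int main(void) {
    printf("unchecked: %ld stale bytes\n", starttls_demo(INJECTED, 0));
    printf("checked:   %ld\n", starttls_demo(INJECTED, 1));
    return 0;
}
```

Without the check, the 16 bytes of the injected line stay in the buffer and the next `read_line` call after the handshake would return them; with the check, the session is refused before any TLS-context parsing happens.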
Comment 1 Wolfgang Frisch 2020-06-22 11:26:30 UTC
SUSE:SLE-11:Update       mutt      Affected
SUSE:SLE-12:Update       mutt      Affected
SUSE:SLE-15:Update       mutt      Affected
Comment 4 OBSbugzilla Bot 2020-06-24 15:50:16 UTC
This is an autogenerated message for OBS integration:
This bug (1173197) was mentioned in
https://build.opensuse.org/request/show/816866 Factory / mutt
Comment 5 Swamp Workflow Management 2020-06-26 10:18:11 UTC
SUSE-SU-2020:1771-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1172906,1172935,1173197
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    mutt-1.10.1-3.8.1
SUSE Linux Enterprise Server 15-LTSS (src):    mutt-1.10.1-3.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    mutt-1.10.1-3.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    mutt-1.10.1-3.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    mutt-1.10.1-3.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    mutt-1.10.1-3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2020-06-29 13:13:22 UTC
SUSE-SU-2020:1794-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1172906,1172935,1173197
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    mutt-1.10.1-55.11.1
SUSE OpenStack Cloud 8 (src):    mutt-1.10.1-55.11.1
SUSE OpenStack Cloud 7 (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12-SP5 (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12-SP4 (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    mutt-1.10.1-55.11.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    mutt-1.10.1-55.11.1
SUSE Enterprise Storage 5 (src):    mutt-1.10.1-55.11.1
HPE Helion Openstack 8 (src):    mutt-1.10.1-55.11.1

Comment 7 Swamp Workflow Management 2020-06-29 22:18:34 UTC
openSUSE-SU-2020:0915-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1172906,1172935,1173197
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954
Sources used:
openSUSE Leap 15.2 (src):    mutt-1.10.1-lp152.3.3.1
Comment 8 Swamp Workflow Management 2020-06-30 13:12:55 UTC
SUSE-SU-2020:14414-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1172906,1172935,1173197
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    mutt-1.5.17-42.51.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    mutt-1.5.17-42.51.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mutt-1.5.17-42.51.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    mutt-1.5.17-42.51.1

Comment 9 Alexandros Toptsoglou 2020-07-09 14:49:06 UTC
Done
Comment 10 Andreas Stieger 2020-11-23 17:29:10 UTC
These did not get fixed for neomutt
Comment 11 Andreas Stieger 2020-11-23 17:30:23 UTC
These did not get fixed for neomutt
Comment 12 OBSbugzilla Bot 2020-11-25 20:40:17 UTC
This is an autogenerated message for OBS integration:
This bug (1173197) was mentioned in
https://build.opensuse.org/request/show/850817 15.1+15.2 / neomutt
Comment 13 Swamp Workflow Management 2020-11-30 23:16:02 UTC
openSUSE-SU-2020:2127-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1172906,1172935,1173197,1179035,1179113
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954,CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    neomutt-20201120-lp152.2.3.1
openSUSE Leap 15.1 (src):    neomutt-20201120-lp151.2.3.1
Comment 14 Swamp Workflow Management 2020-12-04 14:15:37 UTC
openSUSE-SU-2020:2157-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1172906,1172935,1173197,1179035,1179113
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954,CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    neomutt-20201120-bp151.3.3.1
Comment 15 Swamp Workflow Management 2020-12-04 14:19:55 UTC
openSUSE-SU-2020:2158-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1172906,1172935,1173197,1179035,1179113
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954,CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    neomutt-20201120-bp152.2.3.1
Comment 16 Wolfgang Frisch 2020-12-09 17:10:23 UTC
(In reply to Andreas Stieger from comment #10)
> These did not get fixed for neomutt

Good catch! Released.