Bug 1179035 - (CVE-2020-28896) VUL-0: CVE-2020-28896: mutt,neomutt: incomplete connection termination could lead to sending credentials over unencrypted connections
(CVE-2020-28896)
VUL-0: CVE-2020-28896: mutt,neomutt: incomplete connection termination could ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: unspecified
Assigned To: Security Team bot
Security Team bot
CVSSv3.1:SUSE:CVE-2020-28896:6.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-11-20 22:01 UTC by Andreas Stieger
Modified: 2021-01-27 17:09 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2020-11-20 22:01:17 UTC
mutt before 2.0.2 contained an error when during a connection a malicious server provided an illegal initial response, mutt would not close the connection properly. Mutt would subsequently rely on the connection status to decide whether to continue with authentication instead of consulting $ssl_force_tls. This could result in authentication credentials being sent over an unencrypted connection.

References:
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
Comment 2 Kai Liu 2020-11-21 12:45:00 UTC
New version has been submitted to Factory.
Comment 3 Alexandros Toptsoglou 2020-11-23 08:44:34 UTC
Tracked mutt as affected in SLE11,SLE12 and SLE15. Regarding neomutt we need submissions for Leap 15.1 and 15.2.
Comment 6 Dr. Werner Fink 2020-11-23 16:25:17 UTC
All submitted
Comment 7 Andreas Stieger 2020-11-23 17:04:58 UTC
For mutt, Tumbleweed is still missing
https://build.opensuse.org/request/show/849753
Comment 8 Andreas Stieger 2020-11-24 08:09:57 UTC
Assigning to neomutt maintainer for neomutt
Comment 10 OBSbugzilla Bot 2020-11-25 20:40:21 UTC
This is an autogenerated message for OBS integration:
This bug (1179035) was mentioned in
https://build.opensuse.org/request/show/850817 15.1+15.2 / neomutt
Comment 11 Swamp Workflow Management 2020-11-30 20:21:52 UTC
SUSE-SU-2020:3568-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1179035,1179113
CVE References: CVE-2020-28896
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    mutt-1.10.1-3.11.1
SUSE Linux Enterprise Server 15-LTSS (src):    mutt-1.10.1-3.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    mutt-1.10.1-3.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    mutt-1.10.1-3.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    mutt-1.10.1-3.11.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    mutt-1.10.1-3.11.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    mutt-1.10.1-3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2020-11-30 20:25:22 UTC
SUSE-SU-2020:14551-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1179035,1179113
CVE References: CVE-2020-28896
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    mutt-1.5.17-42.56.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    mutt-1.5.17-42.56.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mutt-1.5.17-42.56.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    mutt-1.5.17-42.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2020-11-30 23:16:07 UTC
openSUSE-SU-2020:2127-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1172906,1172935,1173197,1179035,1179113
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954,CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    neomutt-20201120-lp152.2.3.1
openSUSE Leap 15.1 (src):    neomutt-20201120-lp151.2.3.1
Comment 14 Swamp Workflow Management 2020-12-01 05:16:46 UTC
openSUSE-SU-2020:2128-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1179035,1179113
CVE References: CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    mutt-1.10.1-lp151.2.6.1
Comment 15 Swamp Workflow Management 2020-12-01 20:21:37 UTC
openSUSE-SU-2020:2141-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1179035,1179113
CVE References: CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    mutt-1.10.1-lp152.3.6.1
Comment 17 Swamp Workflow Management 2020-12-04 14:15:44 UTC
openSUSE-SU-2020:2157-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1172906,1172935,1173197,1179035,1179113
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954,CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    neomutt-20201120-bp151.3.3.1
Comment 18 Swamp Workflow Management 2020-12-04 14:20:01 UTC
openSUSE-SU-2020:2158-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1172906,1172935,1173197,1179035,1179113
CVE References: CVE-2020-14093,CVE-2020-14154,CVE-2020-14954,CVE-2020-28896
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    neomutt-20201120-bp152.2.3.1
Comment 19 Swamp Workflow Management 2020-12-07 14:22:34 UTC
SUSE-SU-2020:3632-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1179035,1179113,1179461
CVE References: CVE-2020-28896
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    mutt-1.10.1-55.18.1
SUSE OpenStack Cloud Crowbar 8 (src):    mutt-1.10.1-55.18.1
SUSE OpenStack Cloud 9 (src):    mutt-1.10.1-55.18.1
SUSE OpenStack Cloud 8 (src):    mutt-1.10.1-55.18.1
SUSE OpenStack Cloud 7 (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server 12-SP5 (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    mutt-1.10.1-55.18.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    mutt-1.10.1-55.18.1
SUSE Enterprise Storage 5 (src):    mutt-1.10.1-55.18.1
HPE Helion Openstack 8 (src):    mutt-1.10.1-55.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Alexandros Toptsoglou 2021-01-27 17:09:39 UTC
DONE