ALAS2023-2023-357

Amazon Linux 2023 Security Advisory: ALAS2023-2023-357
Advisory Released Date: 2023-10-03
Advisory Updated Date: 2023-10-03

Severity: Medium

References: CVE-2023-4874 CVE-2023-4875
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 (CVE-2023-4874)

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 (CVE-2023-4875)

Affected Packages:

mutt

Issue Correction:
Run dnf update mutt --releasever 2023.2.20231002 to update your system.

New Packages:

aarch64:
    mutt-debuginfo-2.2.9-1.amzn2023.0.2.aarch64
    mutt-debugsource-2.2.9-1.amzn2023.0.2.aarch64
    mutt-2.2.9-1.amzn2023.0.2.aarch64

src:
    mutt-2.2.9-1.amzn2023.0.2.src

x86_64:
    mutt-debuginfo-2.2.9-1.amzn2023.0.2.x86_64
    mutt-2.2.9-1.amzn2023.0.2.x86_64
    mutt-debugsource-2.2.9-1.amzn2023.0.2.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2023-4874, CVE-2023-4875

Mitre: CVE-2023-4874, CVE-2023-4875