ALAS-2023-1836

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1836
Advisory Released Date: 2023-10-03
Advisory Updated Date: 2023-10-06

Severity: Medium

References: CVE-2023-4874 CVE-2023-4875
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 (CVE-2023-4874)

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 (CVE-2023-4875)

Affected Packages:

mutt

Issue Correction:
Run yum update mutt to update your system.

New Packages:

i686:
    mutt-1.5.20-7.20091214hg736b6a.10.amzn1.i686
    mutt-debuginfo-1.5.20-7.20091214hg736b6a.10.amzn1.i686

src:
    mutt-1.5.20-7.20091214hg736b6a.10.amzn1.src

x86_64:
    mutt-debuginfo-1.5.20-7.20091214hg736b6a.10.amzn1.x86_64
    mutt-1.5.20-7.20091214hg736b6a.10.amzn1.x86_64

Additional References

Red Hat: CVE-2023-4874, CVE-2023-4875

Mitre: CVE-2023-4874, CVE-2023-4875