A vulnerability has been found in GNU Mailutils allowing privilege escalation.
|Package||net-mail/mailutils on all architectures|
|Affected versions||< 3.8|
|Unaffected versions||>= 3.8|
The GNU Mailutils are a collection of mail-related utilities, including an IMAP4 server (imap4d).
GNU Mailutils runs maidag by default with setuid root permissions.
An attacker can use this to write to arbitrary files as root.
There is no known workaround at this time.
All GNU Mailutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/mailutils-3.8"
June 13, 2020
June 13, 2020: 1