Security Advisory mutt security update

Advisory: RHSA-2006:0577-3
Type: Security Advisory
Severity: Moderate
Issued on: 2006-07-12
Last updated on: 2006-07-12
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-3242

Details

Updated mutt packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Mutt is a text-mode mail user agent.

A buffer overflow flaw was found in the way Mutt processes an overly
long namespace from a malicious imap server. In order to exploit this
flaw a user would have to use Mutt to connect to a malicious IMAP server.
(CVE-2006-3242)

Users of Mutt are advised to upgrade to these erratum packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
mutt-1.4.1-3.5.rhel3.src.rpm
File outdated by:  RHSA-2007:0386		     888328d8ea84f9d405cf68c1d37a4a62
 
IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386		     74ca0464aeb67b5f8915f796e729cc7a
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386		     09ae329bd135464f4415383973e3fcbb
 
Red Hat Desktop (v. 4)
SRPMS:
mutt-1.4.1-11.rhel4.src.rpm
File outdated by:  RHSA-2007:0386		     ed0c14b530685c615fceb65d67fe347d
 
IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386		     2865d8ea5a1c818bd25b9a55211b0558
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386		     3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
mutt-1.2.5.1-2.rhel21.src.rpm     54b1c502dcc5da91b83593a29e689cda
 
IA-32:
mutt-1.2.5.1-2.rhel21.i386.rpm     7c33167f6a99327ea66a7d21158a3759
 
IA-64:
mutt-1.2.5.1-2.rhel21.ia64.rpm     4f6bb6963b32b2cd7394fa6311251732
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
mutt-1.4.1-3.5.rhel3.src.rpm
File outdated by:  RHSA-2007:0386		     888328d8ea84f9d405cf68c1d37a4a62
 
IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386		     74ca0464aeb67b5f8915f796e729cc7a
 
IA-64:
mutt-1.4.1-3.5.rhel3.ia64.rpm
File outdated by:  RHSA-2007:0386		     a976af2dec5ddafcc17fb3e43516a637
 
PPC:
mutt-1.4.1-3.5.rhel3.ppc.rpm
File outdated by:  RHSA-2007:0386		     5174f5edc6e767f728c481e3f80c0f4e
 
s390:
mutt-1.4.1-3.5.rhel3.s390.rpm
File outdated by:  RHSA-2007:0386		     f514ef393a8a4b9e52304c365caadb32
 
s390x:
mutt-1.4.1-3.5.rhel3.s390x.rpm
File outdated by:  RHSA-2007:0386		     dedb942b68b8f004959de7726e2cdab4
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386		     09ae329bd135464f4415383973e3fcbb
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
mutt-1.4.1-11.rhel4.src.rpm
File outdated by:  RHSA-2007:0386		     ed0c14b530685c615fceb65d67fe347d
 
IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386		     2865d8ea5a1c818bd25b9a55211b0558
 
IA-64:
mutt-1.4.1-11.rhel4.ia64.rpm
File outdated by:  RHSA-2007:0386		     ba7a3661e2c31ebc2b478e2546564721
 
PPC:
mutt-1.4.1-11.rhel4.ppc.rpm
File outdated by:  RHSA-2007:0386		     b800a6547047140a6ae9f88427f05b97
 
s390:
mutt-1.4.1-11.rhel4.s390.rpm
File outdated by:  RHSA-2007:0386		     9f3b9d6494e32cc82771a0d18bd6e0d0
 
s390x:
mutt-1.4.1-11.rhel4.s390x.rpm
File outdated by:  RHSA-2007:0386		     ac7d20109b0d477317ac98e60bebd246
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386		     3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
mutt-1.2.5.1-2.rhel21.src.rpm     54b1c502dcc5da91b83593a29e689cda
 
IA-32:
mutt-1.2.5.1-2.rhel21.i386.rpm     7c33167f6a99327ea66a7d21158a3759
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
mutt-1.4.1-3.5.rhel3.src.rpm
File outdated by:  RHSA-2007:0386		     888328d8ea84f9d405cf68c1d37a4a62
 
IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386		     74ca0464aeb67b5f8915f796e729cc7a
 
IA-64:
mutt-1.4.1-3.5.rhel3.ia64.rpm
File outdated by:  RHSA-2007:0386		     a976af2dec5ddafcc17fb3e43516a637
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386		     09ae329bd135464f4415383973e3fcbb
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
mutt-1.4.1-11.rhel4.src.rpm
File outdated by:  RHSA-2007:0386		     ed0c14b530685c615fceb65d67fe347d
 
IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386		     2865d8ea5a1c818bd25b9a55211b0558
 
IA-64:
mutt-1.4.1-11.rhel4.ia64.rpm
File outdated by:  RHSA-2007:0386		     ba7a3661e2c31ebc2b478e2546564721
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386		     3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
mutt-1.2.5.1-2.rhel21.src.rpm     54b1c502dcc5da91b83593a29e689cda
 
IA-32:
mutt-1.2.5.1-2.rhel21.i386.rpm     7c33167f6a99327ea66a7d21158a3759
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
mutt-1.4.1-3.5.rhel3.src.rpm
File outdated by:  RHSA-2007:0386		     888328d8ea84f9d405cf68c1d37a4a62
 
IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386		     74ca0464aeb67b5f8915f796e729cc7a
 
IA-64:
mutt-1.4.1-3.5.rhel3.ia64.rpm
File outdated by:  RHSA-2007:0386		     a976af2dec5ddafcc17fb3e43516a637
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386		     09ae329bd135464f4415383973e3fcbb
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
mutt-1.4.1-11.rhel4.src.rpm
File outdated by:  RHSA-2007:0386		     ed0c14b530685c615fceb65d67fe347d
 
IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386		     2865d8ea5a1c818bd25b9a55211b0558
 
IA-64:
mutt-1.4.1-11.rhel4.ia64.rpm
File outdated by:  RHSA-2007:0386		     ba7a3661e2c31ebc2b478e2546564721
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386		     3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
mutt-1.2.5.1-2.rhel21.src.rpm     54b1c502dcc5da91b83593a29e689cda
 
IA-64:
mutt-1.2.5.1-2.rhel21.ia64.rpm     4f6bb6963b32b2cd7394fa6311251732
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

197151 - CVE-2006-3242 Mutt IMAP namespace buffer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/