Skip to navigation

Security Advisory mutt security update

Advisory: RHSA-2006:0577-3
Type: Security Advisory
Severity: Moderate
Issued on: 2006-07-12
Last updated on: 2006-07-12
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-3242

Details

Updated mutt packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Mutt is a text-mode mail user agent.

A buffer overflow flaw was found in the way Mutt processes an overly
long namespace from a malicious imap server. In order to exploit this
flaw a user would have to use Mutt to connect to a malicious IMAP server.
(CVE-2006-3242)

Users of Mutt are advised to upgrade to these erratum packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 74ca0464aeb67b5f8915f796e729cc7a
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 09ae329bd135464f4415383973e3fcbb
 
Red Hat Desktop (v. 4)

IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 2865d8ea5a1c818bd25b9a55211b0558
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
mutt-1.2.5.1-2.rhel21.i386.rpm     MD5: 7c33167f6a99327ea66a7d21158a3759
 
IA-64:
mutt-1.2.5.1-2.rhel21.ia64.rpm     MD5: 4f6bb6963b32b2cd7394fa6311251732
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 74ca0464aeb67b5f8915f796e729cc7a
 
IA-64:
mutt-1.4.1-3.5.rhel3.ia64.rpm
File outdated by:  RHSA-2007:0386
    MD5: a976af2dec5ddafcc17fb3e43516a637
 
PPC:
mutt-1.4.1-3.5.rhel3.ppc.rpm
File outdated by:  RHSA-2007:0386
    MD5: 5174f5edc6e767f728c481e3f80c0f4e
 
s390:
mutt-1.4.1-3.5.rhel3.s390.rpm
File outdated by:  RHSA-2007:0386
    MD5: f514ef393a8a4b9e52304c365caadb32
 
s390x:
mutt-1.4.1-3.5.rhel3.s390x.rpm
File outdated by:  RHSA-2007:0386
    MD5: dedb942b68b8f004959de7726e2cdab4
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 09ae329bd135464f4415383973e3fcbb
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 2865d8ea5a1c818bd25b9a55211b0558
 
IA-64:
mutt-1.4.1-11.rhel4.ia64.rpm
File outdated by:  RHSA-2007:0386
    MD5: ba7a3661e2c31ebc2b478e2546564721
 
PPC:
mutt-1.4.1-11.rhel4.ppc.rpm
File outdated by:  RHSA-2007:0386
    MD5: b800a6547047140a6ae9f88427f05b97
 
s390:
mutt-1.4.1-11.rhel4.s390.rpm
File outdated by:  RHSA-2007:0386
    MD5: 9f3b9d6494e32cc82771a0d18bd6e0d0
 
s390x:
mutt-1.4.1-11.rhel4.s390x.rpm
File outdated by:  RHSA-2007:0386
    MD5: ac7d20109b0d477317ac98e60bebd246
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
mutt-1.2.5.1-2.rhel21.i386.rpm     MD5: 7c33167f6a99327ea66a7d21158a3759
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 74ca0464aeb67b5f8915f796e729cc7a
 
IA-64:
mutt-1.4.1-3.5.rhel3.ia64.rpm
File outdated by:  RHSA-2007:0386
    MD5: a976af2dec5ddafcc17fb3e43516a637
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 09ae329bd135464f4415383973e3fcbb
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 2865d8ea5a1c818bd25b9a55211b0558
 
IA-64:
mutt-1.4.1-11.rhel4.ia64.rpm
File outdated by:  RHSA-2007:0386
    MD5: ba7a3661e2c31ebc2b478e2546564721
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
mutt-1.2.5.1-2.rhel21.i386.rpm     MD5: 7c33167f6a99327ea66a7d21158a3759
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
mutt-1.4.1-3.5.rhel3.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 74ca0464aeb67b5f8915f796e729cc7a
 
IA-64:
mutt-1.4.1-3.5.rhel3.ia64.rpm
File outdated by:  RHSA-2007:0386
    MD5: a976af2dec5ddafcc17fb3e43516a637
 
x86_64:
mutt-1.4.1-3.5.rhel3.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 09ae329bd135464f4415383973e3fcbb
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
mutt-1.4.1-11.rhel4.i386.rpm
File outdated by:  RHSA-2007:0386
    MD5: 2865d8ea5a1c818bd25b9a55211b0558
 
IA-64:
mutt-1.4.1-11.rhel4.ia64.rpm
File outdated by:  RHSA-2007:0386
    MD5: ba7a3661e2c31ebc2b478e2546564721
 
x86_64:
mutt-1.4.1-11.rhel4.x86_64.rpm
File outdated by:  RHSA-2007:0386
    MD5: 3eb2b23126222c0b13fc9fa74a590a10
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
mutt-1.2.5.1-2.rhel21.ia64.rpm     MD5: 4f6bb6963b32b2cd7394fa6311251732
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

197151 - CVE-2006-3242 Mutt IMAP namespace buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/