Security Advisory Important: mutt security update

Advisory: RHSA-2014:0304-1
Type: Security Advisory
Severity: Important
Issued on: 2014-03-17
Last updated on: 2014-03-17
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-0467

Details

An updated mutt package that fixes one security issue is now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Mutt is a text-mode mail user agent.

A heap-based buffer overflow flaw was found in the way mutt processed
certain email headers. A remote attacker could use this flaw to send an
email with specially crafted headers that, when processed, could cause mutt
to crash or, potentially, execute arbitrary code with the permissions of
the user running mutt. (CVE-2014-0467)

All mutt users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running instances of
mutt must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
mutt-1.5.20-4.20091214hg736b6a.el6_5.src.rpm
File outdated by:  RHBA-2014:0945
 
IA-32:
mutt-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
File outdated by:  RHBA-2014:0945
 
x86_64:
mutt-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
mutt-1.5.20-4.20091214hg736b6a.el6_5.src.rpm
File outdated by:  RHBA-2014:0945
 
x86_64:
mutt-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
mutt-1.5.20-4.20091214hg736b6a.el6_5.src.rpm
File outdated by:  RHBA-2014:0945
 
IA-32:
mutt-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
File outdated by:  RHBA-2014:0945
 
PPC:
mutt-1.5.20-4.20091214hg736b6a.el6_5.ppc64.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.ppc64.rpm
File outdated by:  RHBA-2014:0945
 
s390x:
mutt-1.5.20-4.20091214hg736b6a.el6_5.s390x.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.s390x.rpm
File outdated by:  RHBA-2014:0945
 
x86_64:
mutt-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
mutt-1.5.20-4.20091214hg736b6a.el6_5.src.rpm
File outdated by:  RHBA-2014:0945
 
x86_64:
mutt-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
mutt-1.5.20-4.20091214hg736b6a.el6_5.src.rpm
File outdated by:  RHBA-2014:0945
 
IA-32:
mutt-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
 
PPC:
mutt-1.5.20-4.20091214hg736b6a.el6_5.ppc64.rpm
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.ppc64.rpm
 
s390x:
mutt-1.5.20-4.20091214hg736b6a.el6_5.s390x.rpm
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.s390x.rpm
 
x86_64:
mutt-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
mutt-1.5.20-4.20091214hg736b6a.el6_5.src.rpm
File outdated by:  RHBA-2014:0945
 
IA-32:
mutt-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.i686.rpm
File outdated by:  RHBA-2014:0945
 
x86_64:
mutt-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
mutt-debuginfo-1.5.20-4.20091214hg736b6a.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:0945
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1075860 - CVE-2014-0467 mutt: heap-based buffer overflow when parsing certain headers


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/