
A new update is available for Red Hat Enterprise Linux. Here is the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: mutt security update
Advisory ID: RHSA-2007:0386-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0386.html
Issue date: 2007-06-04
Updated on: 2007-06-04
Product: Red Hat Enterprise Linux
Keywords: O_EXCL NFS /tmp race APOP gecos buffer overflow
CVE Names: CVE-2006-5297 CVE-2007-1558 CVE-2007-2683
- ---------------------------------------------------------------------

1. Summary:

An updated mutt package that fixes several security bugs is now available for
Red Hat Enterprise Linux 3, 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mutt is a text-mode mail user agent.

A flaw was found in the way Mutt used temporary files on NFS file systems.
Because NFS implementations do not reliably honour the O_EXCL flag, Mutt was
not able to exclusively open a new file. A local attacker could exploit this
race condition and possibly gain access to e-mail attachments opened by a
victim. (CVE-2006-5297)
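As an added illustration (not mutt's code or Red Hat's patch): one way to create a private temporary file without depending on the NFS server honouring O_EXCL is to use mkdir(), which is atomic over NFS, as the exclusion primitive, and then verify the opened file before trusting it. The naming scheme, the 100-attempt limit and the function name are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Exclusively create a fresh private temporary file under `dir` without
 * trusting O_EXCL: mkdir() is atomic on every NFS version, so a fresh
 * mode-0700 wrapper directory is the exclusion primitive and the file is
 * created inside it. Returns an open fd (path copied to `out`) or -1. */
int private_tmpfile(const char *dir, char *out, size_t outlen)
{
    char wrapdir[4096], path[4096 + 16];
    struct stat sb_l, sb_f;

    for (int attempt = 0; attempt < 100; attempt++) {
        /* Name collisions are harmless: mkdir() fails with EEXIST and we
         * try another name instead of reusing a pre-existing entry. */
        snprintf(wrapdir, sizeof wrapdir, "%s/.tmp-%ld-%d-%ld",
                 dir, (long)getpid(), attempt, (long)random());
        if (mkdir(wrapdir, 0700) != 0) {
            if (errno == EEXIST) continue;
            return -1;
        }
        snprintf(path, sizeof path, "%s/data", wrapdir);
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        if (fd < 0) { rmdir(wrapdir); return -1; }
        /* The name we opened must be a regular file with one link that is
         * the very inode behind the fd (no symlink or hard-link swap). */
        if (lstat(path, &sb_l) != 0 || fstat(fd, &sb_f) != 0 ||
            !S_ISREG(sb_f.st_mode) || sb_f.st_nlink != 1 ||
            sb_l.st_dev != sb_f.st_dev || sb_l.st_ino != sb_f.st_ino) {
            close(fd); unlink(path); rmdir(wrapdir);
            return -1;
        }
        snprintf(out, outlen, "%s", path);
        return fd;
    }
    return -1;
}
```

The caller removes the file and then its wrapper directory when done.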

A flaw was found in the way Mutt processed certain APOP authentication
requests. By sending certain responses when mutt attempted to authenticate
against an APOP server, a remote attacker could potentially acquire certain
portions of a user's authentication credentials. (CVE-2007-1558)

A flaw was found in the way Mutt handled certain characters in gecos fields
which could lead to a buffer overflow. The gecos field is an entry in the
password database typically used to record general information about the
user. A local attacker could give themselves a carefully crafted "Real
Name" which could execute arbitrary code if a victim uses Mutt and expands
the attacker's alias. (CVE-2007-2683)
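As an added example (not mutt's code): the advisory does not name the characters involved, but the traditional gecos convention ends the real name at the first comma and expands '&' to the capitalised login name, and that expansion is where a fixed-size destination must be bounds-checked because one input byte can produce many output bytes. The function below truncates rather than overruns; its name and the buffer sizes in the usage are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* Copy the "real name" part of a gecos field into a fixed buffer, stopping
 * at the first comma and expanding '&' to the login name with its first
 * letter capitalised. Every write is bounds-checked, so an oversized or
 * '&'-heavy field is truncated instead of overrunning `dest`. Returns the
 * number of characters written (excluding the terminating NUL). */
size_t gecos_real_name(char *dest, size_t destlen,
                       const char *gecos, const char *login)
{
    size_t n = 0;
    if (destlen == 0) return 0;
    for (const char *p = gecos; *p && *p != ','; p++) {
        if (*p == '&') {
            for (const char *l = login; *l; l++) {
                if (n + 1 >= destlen) goto done;
                dest[n++] = (l == login) ? (char)toupper((unsigned char)*l) : *l;
            }
        } else {
            if (n + 1 >= destlen) break;
            dest[n++] = *p;
        }
    }
done:
    dest[n] = '\0';
    return n;
}
```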

All users of mutt should upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

211085 - CVE-2006-5297 Multiple mutt tempfile race conditions
239890 - CVE-2007-2683 Buffer overflow in mutt's gecos structure handling
241191 - CVE-2007-1558 fetchmail, mutt: APOP vulnerability

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGY8evXlSAg2UNWIIRAk1uAJ9TJouyU/cuZwtFKNQ27icrOfiloQCgl0mG
BsHIHp/rTGQnkb1FHjRBRgs=
=MmNY
-----END PGP SIGNATURE-----