RHBA-2014:0945 - Bug Fix Advisory

Topic

Updated mutt packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.

Description

Mutt is a low resource, highly configurable, text-based MIME e-mail
client. Mutt supports most e-mail storing formats, such as mbox and
Maildir, as well as most protocols, including POP3 and IMAP.

This update fixes the following bugs:

• Prior to this update, an internal hash referencing a specific subject in each

envelope referenced a non-existent one. As a consequence, mutt terminated with a
segmentation fault when the user attempted to synchronize mailbox after removing
one or more messages in threaded mode. With this update, the subject hash
updates correctly and the crash no longer occurs. (BZ#674271)

• Previously, the array that stores mutt message headers did not properly handle

empty header entries. This could cause mutt to terminate unexpectedly with a
segmentation fault when a change of message IDs occurred on the IMAP server, for
example when the IMAP server was connected with multiple clients while removing
messages through one of them. In this update, the handling of empty headers has
been optimized and sorting messages in the array has been streamlined. As a
result, multiple connected clients now synchronize correctly. (BZ#690409)

• Prior to this update, mutt did not correctly parse certificate files when

accessing accounts through IMAP and POP3 protocols. Consequently, mutt
terminated unexpectedly with a segmentation fault when attempting to access an
IMAP or POP3 account. This update fixes the parsing process and accessing an
IMAP or POP3 account now functions as intended. (BZ#750929)

• Previously, a bug prevented mutt's interactive certificate verification from

working properly. As a consequence, mutt terminated unexpectedly with a
segmentation fault when the user tried to send an e-mail message from the
command line to a TLS server, for which mutt had not received the certificate
yet. With this update, mutt's interactive certificate verification has been
fixed and the described crash no longer occurs. (BZ#1083524)

Users of mutt are advised to upgrade to these updated packages, which fix these
bugs.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 674271 - SIGSEGV when browsing pop account
• BZ - 690409 - mutt crash
• BZ - 750929 - SIGSEGV Crash while parsing certificates file

CVEs

(none)

References

(none)