New mutt packages that fix a remotely-triggerable crash in the menu drawing code are now available.
Mutt is a text-mode mail user agent. A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0078 to this issue. It is recommended that all mutt users upgrade to these updated packages, which contain a backported security patch and are not vulnerable to this issue. CentOS would like to thank Niels Heinen for reporting this issue. Note: mutt-126.96.36.199 in CentOS Linux 2.1 is not vulnerable to this issue.