An updated elm package is now available that fixes a buffer overflow issue
for CentOS Linux 2.1 AS and AW.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Elm is a terminal-mode email client.

A buffer overflow flaw was discovered in Elm that is triggered by viewing
a mailbox containing a message with a carefully crafted 'Expires' header.
An attacker could create a malicious message that would execute arbitrary
code with the privileges of the user who received it. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-2665 to this issue.

Users of Elm should upgrade to this updated package, which contains a
backported patch that corrects this issue.
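
As an added triage example (not part of the original advisory or of Elm), the following Python script scans an mbox file for messages whose 'Expires' header is unusually long or is not a parseable date, so such mail can be reviewed before an unpatched client opens the mailbox. The 64-character threshold, the function names and the sample mailbox are assumptions constructed for illustration; the advisory does not state what header length triggers the overflow.

```python
import email.utils
import mailbox
import os
import tempfile

# Assumed triage threshold; the advisory gives no length limit for the header.
MAX_EXPIRES_LEN = 64

# Constructed sample mbox: one ordinary message, one with an oversized header.
SAMPLE_MBOX = (
    "From alice@example.org Mon Aug 22 10:00:00 2005\n"
    "Subject: normal\n"
    "Expires: Wed, 31 Aug 2005 12:00:00 +0000\n"
    "\nhello\n\n"
    "From mallory@example.net Mon Aug 22 10:05:00 2005\n"
    "Subject: odd\n"
    "Expires: " + "A" * 300 + "\n"
    "\nbody\n"
)

def suspicious_expires(mbox_path, max_len=MAX_EXPIRES_LEN):
    """Return (index, subject, reason) for messages with an abnormal Expires header."""
    findings = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for idx, msg in enumerate(box):
            for value in msg.get_all("Expires", []):
                value = str(value)
                too_long = len(value) > max_len
                # A legitimate Expires value is a short RFC 2822 style date.
                if too_long or email.utils.parsedate_tz(value) is None:
                    reason = ("length %d exceeds %d" % (len(value), max_len)
                              if too_long else "not a parseable date")
                    findings.append((idx, str(msg.get("Subject", "")), reason))
    finally:
        box.close()
    return findings

def scan_text(mbox_text):
    """Write mbox text to a temporary file, scan it, then remove the file."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as fh:
        fh.write(mbox_text)
    try:
        return suspicious_expires(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(scan_text(SAMPLE_MBOX))
```

On a real system, call `suspicious_expires()` with the path to a user's mailbox file; the scan only reads headers through Python's `mailbox` module and does not modify the mailbox.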