Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3 which close a remotely-exploitable vulnerability in unpatched versions of fetchmail prior to 5.9.10.
When retrieving mail from an IMAP server, the fetchmail e-mail client will allocate an array to store the sizes of the messages which it will attempt to fetch. The size of the array is determined by the number of messages that the server claims to have. Unpatched versions of fetchmail prior to 5.9.10 did not check whether the number of e-mails the server claimed was too high, allowing a malicious server to cause the fetchmail process to write data outside of the array bounds. Users of fetchmail are advised to upgrade to this errata package which is not vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0146 to this issue.