RedHat Security Advisory RHSA-2009:0275

The remote host is missing updates announced in advisory RHSA-2009:0275. The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially-crafted mail message to the victim. (CVE-2008-5005) Users of imap should upgrade to these updated packages, which contain a backported patch to resolve this issue.
Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date