Updated mailx packages that fix two security issues are now available forRed Hat Enterprise Linux 6 and 7.Red Hat Product Security has rated this update as having Moderate securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

The mailx packages contain a mail user agent that is used to manage mailusing scripts.A flaw was found in the way mailx handled the parsing of email addresses.A syntactically valid email address could allow a local attacker to causemailx to execute arbitrary shell commands through shell meta-characters andthe direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)Note: Applications using mailx to send email to addresses obtained fromuntrusted sources will still remain vulnerable to other attacks if theyaccept email addresses which start with “-” (so that they can be confusedwith mailx options). To counteract this issue, this update also introducesthe “–” option, which will treat the remaining command line arguments asemail addresses.All mailx users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how to use theRed Hat Network to apply this update are available athttps://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
mailx-12.4-8.el6_6.src.rpm
    MD5: dd6f1391c89a1a0ffa14119251277131SHA-256: 95b2c1e8c989b5572d88d87cb1da09947cdd51a2a1ee95a194deec7f39093fe9
 
IA-32:
mailx-12.4-8.el6_6.i686.rpm
    MD5: f24684c11262b4c0fd005b0ad8ef1f9fSHA-256: 6466b01e70c1bd6d28957f0e72476d6901d3ade8e08e90005357ec209aaea9fe
mailx-debuginfo-12.4-8.el6_6.i686.rpm
    MD5: 1e0e9a2ede1bb5fff25bfa44f3e9c804SHA-256: 4ab552fcbd73367bd43443f116850a9f54f35ce3b8ab69b9fcaaf74c5d389866
 
x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
    MD5: 75ab93182eec05a50359660ed1b53b5eSHA-256: 7292d31d3812fd107fdbf09e773b6a2ad5c3b7dca3a2e2eed00a64251ee5bf51
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm
    MD5: 12caa2a319cde922c5f2c7d36dd13164SHA-256: 13ace56f3762b100e3dacbbe5a1d88982e0cb2e8de00a75320db213af46e4f1d
 
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
mailx-12.5-12.el7_0.src.rpm
    MD5: 56800c372d1560343b726a0811504f01SHA-256: 196bcb56d40d53f6efa5f58e18a5eefbbd34c4513fb7235238aa8c3255694721
 
x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
    MD5: 718f82d53dcc063c9457ac17ced77fb1SHA-256: 5142bf4e15c3c48817eb9fef27095f5311f10cc7664eb5daeb79b4f7c094dbb8
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm
    MD5: a1f343008812a3abafd4a1634fd1f659SHA-256: c340ad595fc7b26ace57f1a3bf8c31cb6edfd9eac1a3c61a3f1f15145ceaea3b
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
mailx-12.4-8.el6_6.src.rpm
    MD5: dd6f1391c89a1a0ffa14119251277131SHA-256: 95b2c1e8c989b5572d88d87cb1da09947cdd51a2a1ee95a194deec7f39093fe9
 
x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
    MD5: 75ab93182eec05a50359660ed1b53b5eSHA-256: 7292d31d3812fd107fdbf09e773b6a2ad5c3b7dca3a2e2eed00a64251ee5bf51
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm
    MD5: 12caa2a319cde922c5f2c7d36dd13164SHA-256: 13ace56f3762b100e3dacbbe5a1d88982e0cb2e8de00a75320db213af46e4f1d
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
mailx-12.5-12.el7_0.src.rpm
    MD5: 56800c372d1560343b726a0811504f01SHA-256: 196bcb56d40d53f6efa5f58e18a5eefbbd34c4513fb7235238aa8c3255694721
 
x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
    MD5: 718f82d53dcc063c9457ac17ced77fb1SHA-256: 5142bf4e15c3c48817eb9fef27095f5311f10cc7664eb5daeb79b4f7c094dbb8
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm
    MD5: a1f343008812a3abafd4a1634fd1f659SHA-256: c340ad595fc7b26ace57f1a3bf8c31cb6edfd9eac1a3c61a3f1f15145ceaea3b
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
mailx-12.4-8.el6_6.src.rpm
    MD5: dd6f1391c89a1a0ffa14119251277131SHA-256: 95b2c1e8c989b5572d88d87cb1da09947cdd51a2a1ee95a194deec7f39093fe9
 
IA-32:
mailx-12.4-8.el6_6.i686.rpm
    MD5: f24684c11262b4c0fd005b0ad8ef1f9fSHA-256: 6466b01e70c1bd6d28957f0e72476d6901d3ade8e08e90005357ec209aaea9fe
mailx-debuginfo-12.4-8.el6_6.i686.rpm
    MD5: 1e0e9a2ede1bb5fff25bfa44f3e9c804SHA-256: 4ab552fcbd73367bd43443f116850a9f54f35ce3b8ab69b9fcaaf74c5d389866
 
PPC:
mailx-12.4-8.el6_6.ppc64.rpm
    MD5: 16d29a45f5caf9b70bef21d832457a9bSHA-256: 52c556cbb2d2fa393af376eda4939dc375fd934025900a044561a5e0e0bc19ea
mailx-debuginfo-12.4-8.el6_6.ppc64.rpm
    MD5: 8f6d4721626897af9349c0f4280bf1faSHA-256: 2054598caf59f6aa7075da9cb664d73df9e598e42066f7ed735a5cb0ed29de63
 
s390x:
mailx-12.4-8.el6_6.s390x.rpm
    MD5: 1a7e75403abbfcafe5f7a1d51c2e0609SHA-256: 6f3fe5ab64e5cdbc8b3a1627ae66922a374fc99b847f340cdaddd25d7048753c
mailx-debuginfo-12.4-8.el6_6.s390x.rpm
    MD5: e2b39fd98d94ec84f3f0ccab173e270cSHA-256: a800c55f9105bdd37636f0c43988c3424d14a7f9639fd6bc061a2cf00c4e3e74
 
x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
    MD5: 75ab93182eec05a50359660ed1b53b5eSHA-256: 7292d31d3812fd107fdbf09e773b6a2ad5c3b7dca3a2e2eed00a64251ee5bf51
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm
    MD5: 12caa2a319cde922c5f2c7d36dd13164SHA-256: 13ace56f3762b100e3dacbbe5a1d88982e0cb2e8de00a75320db213af46e4f1d
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
mailx-12.5-12.el7_0.src.rpm
    MD5: 56800c372d1560343b726a0811504f01SHA-256: 196bcb56d40d53f6efa5f58e18a5eefbbd34c4513fb7235238aa8c3255694721
 
PPC:
mailx-12.5-12.el7_0.ppc64.rpm
    MD5: 22e2bc5b8089044f317e120766252a66SHA-256: fadbbde97fc0228aabb607ac53813248d51ef1d293ec03d26241635128eedc8f
mailx-debuginfo-12.5-12.el7_0.ppc64.rpm
    MD5: 9b97271fee0367cf5fcdd8652e44d053SHA-256: c01c78125863426e4186dd78dac1751ead5727131ce0714aeaf2ed1774f2b619
 
s390x:
mailx-12.5-12.el7_0.s390x.rpm
    MD5: 16bb00ef9ba48a8e7cd4b1fbb5c54d9fSHA-256: bfefafda95df34d8386ee679ca00df42694c90b27ef82d9154f6a63306bb766f
mailx-debuginfo-12.5-12.el7_0.s390x.rpm
    MD5: 3dd038798bbeacabfb90e078b9dc7c6bSHA-256: efc4a01ff82157e83436b8e5625befb397f6fe906e79f9d01675c4657e168648
 
x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
    MD5: 718f82d53dcc063c9457ac17ced77fb1SHA-256: 5142bf4e15c3c48817eb9fef27095f5311f10cc7664eb5daeb79b4f7c094dbb8
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm
    MD5: a1f343008812a3abafd4a1634fd1f659SHA-256: c340ad595fc7b26ace57f1a3bf8c31cb6edfd9eac1a3c61a3f1f15145ceaea3b
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
mailx-12.4-8.el6_6.src.rpm
    MD5: dd6f1391c89a1a0ffa14119251277131SHA-256: 95b2c1e8c989b5572d88d87cb1da09947cdd51a2a1ee95a194deec7f39093fe9
 
IA-32:
mailx-12.4-8.el6_6.i686.rpm
    MD5: f24684c11262b4c0fd005b0ad8ef1f9fSHA-256: 6466b01e70c1bd6d28957f0e72476d6901d3ade8e08e90005357ec209aaea9fe
mailx-debuginfo-12.4-8.el6_6.i686.rpm
    MD5: 1e0e9a2ede1bb5fff25bfa44f3e9c804SHA-256: 4ab552fcbd73367bd43443f116850a9f54f35ce3b8ab69b9fcaaf74c5d389866
 
PPC:
mailx-12.4-8.el6_6.ppc64.rpm
    MD5: 16d29a45f5caf9b70bef21d832457a9bSHA-256: 52c556cbb2d2fa393af376eda4939dc375fd934025900a044561a5e0e0bc19ea
mailx-debuginfo-12.4-8.el6_6.ppc64.rpm
    MD5: 8f6d4721626897af9349c0f4280bf1faSHA-256: 2054598caf59f6aa7075da9cb664d73df9e598e42066f7ed735a5cb0ed29de63
 
s390x:
mailx-12.4-8.el6_6.s390x.rpm
    MD5: 1a7e75403abbfcafe5f7a1d51c2e0609SHA-256: 6f3fe5ab64e5cdbc8b3a1627ae66922a374fc99b847f340cdaddd25d7048753c
mailx-debuginfo-12.4-8.el6_6.s390x.rpm
    MD5: e2b39fd98d94ec84f3f0ccab173e270cSHA-256: a800c55f9105bdd37636f0c43988c3424d14a7f9639fd6bc061a2cf00c4e3e74
 
x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
    MD5: 75ab93182eec05a50359660ed1b53b5eSHA-256: 7292d31d3812fd107fdbf09e773b6a2ad5c3b7dca3a2e2eed00a64251ee5bf51
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm
    MD5: 12caa2a319cde922c5f2c7d36dd13164SHA-256: 13ace56f3762b100e3dacbbe5a1d88982e0cb2e8de00a75320db213af46e4f1d
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
mailx-12.4-8.el6_6.src.rpm
    MD5: dd6f1391c89a1a0ffa14119251277131SHA-256: 95b2c1e8c989b5572d88d87cb1da09947cdd51a2a1ee95a194deec7f39093fe9
 
IA-32:
mailx-12.4-8.el6_6.i686.rpm
    MD5: f24684c11262b4c0fd005b0ad8ef1f9fSHA-256: 6466b01e70c1bd6d28957f0e72476d6901d3ade8e08e90005357ec209aaea9fe
mailx-debuginfo-12.4-8.el6_6.i686.rpm
    MD5: 1e0e9a2ede1bb5fff25bfa44f3e9c804SHA-256: 4ab552fcbd73367bd43443f116850a9f54f35ce3b8ab69b9fcaaf74c5d389866
 
x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
    MD5: 75ab93182eec05a50359660ed1b53b5eSHA-256: 7292d31d3812fd107fdbf09e773b6a2ad5c3b7dca3a2e2eed00a64251ee5bf51
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm
    MD5: 12caa2a319cde922c5f2c7d36dd13164SHA-256: 13ace56f3762b100e3dacbbe5a1d88982e0cb2e8de00a75320db213af46e4f1d
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
mailx-12.5-12.el7_0.src.rpm
    MD5: 56800c372d1560343b726a0811504f01SHA-256: 196bcb56d40d53f6efa5f58e18a5eefbbd34c4513fb7235238aa8c3255694721
 
x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
    MD5: 718f82d53dcc063c9457ac17ced77fb1SHA-256: 5142bf4e15c3c48817eb9fef27095f5311f10cc7664eb5daeb79b4f7c094dbb8
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm
    MD5: a1f343008812a3abafd4a1634fd1f659SHA-256: c340ad595fc7b26ace57f1a3bf8c31cb6edfd9eac1a3c61a3f1f15145ceaea3b
 
(The unlinked packages above are only available from the Red Hat Network)
1162783 – CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply