Hi RedHat-6.0 is not vulnerable because it ships with imap-4.5, which has this hole fixed. However, RedHat-5.2 and Redhat-4.2 ship with imap-4.4, which has this REMOTE security hole. You probably want to ship an errata upgrading to imap-4.5
Fixed in imap-4.5-0.5.2 # <= for Red Hat 5.x imap-4.5-0.4.2 # <= for Red Hat 4.x Thanks for the report.
These should go out as errata and need to be tested.
Signed packages copied to ftp site.