Linux Security

    Debian: DSA-2805-1: sup-mail security update

    Date 27 Nov 2013
    Posted By LinuxSecurity Advisories
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2805-1
    https://www.debian.org/security/                             Luciano Bello
    November 27, 2013                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : sup-mail
    Vulnerability  : command injection
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2013-4478 CVE-2013-4479
    Debian Bug     : 728232
    
    joernchen of Phenoelit discovered two command injection flaws in Sup, a
    console-based email client. An attacker might execute arbitrary commands
    if the user opens a maliciously crafted email.
    
    CVE-2013-4478
    
        Sup wrongly handled the filename of attachments.
    
    CVE-2013-4479
    
        Sup did not sanitize the content-type of attachments.
    
    For the oldstable distribution (squeeze), these problems have been fixed in
    version 0.11-2+nmu1+deb6u1.
    
    For the stable distribution (wheezy), these problems have been fixed in
    version 0.12.1+git20120407.aaa852f-1+deb7u1.
    
    We recommend that you upgrade your sup-mail packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
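
The advisory does not reproduce Sup's code, so the following is an added illustration of the bug class behind both CVEs (attachment filename and content-type reaching a shell), not Sup's code or the Debian patch. The viewer table, function names, directory and sample filename are hypothetical and constructed for the example.

```ruby
require "open3"

# Conservative allowlist for "type/subtype" (stricter than the RFC token grammar).
MIME_TYPE = %r{\A[a-z0-9][a-z0-9.+-]*/[a-z0-9][a-z0-9.+-]*\z}

# Hypothetical viewer table (assumption): MIME type => fixed argv prefix.
VIEWERS = { "text/plain" => ["cat", "--"] }.freeze

# Constructed attachment name carrying a harmless shell metacharacter payload.
SAMPLE_NAME = "notes.txt; echo INJECTED"

# Unsafe pattern: message data is spliced into a string that a shell parses.
def run_via_shell(filename)
  out, = Open3.capture2("sh", "-c", "echo #{filename}")
  out.lines.map(&:chomp)
end

# Safe pattern: message data is one argv element; no shell is involved.
def run_via_argv(filename)
  out, = Open3.capture2("echo", filename)
  out.lines.map(&:chomp)
end

# Hardened handler: validate the content type, reduce the filename to a
# sanitized basename, and return an argv array for a known viewer only.
def viewer_argv(content_type, filename, dir)
  type = content_type.to_s.split(";", 2).first.to_s.strip.downcase
  raise ArgumentError, "bad content type" unless type.match?(MIME_TYPE)
  argv = VIEWERS.fetch(type) { raise ArgumentError, "no viewer for #{type}" }
  safe = File.basename(filename.to_s).gsub(/[^A-Za-z0-9._-]/, "_")
  safe = "attachment" if safe.empty? || safe.start_with?(".")
  argv + [File.join(dir, safe)]
end

if __FILE__ == $0
  p run_via_shell(SAMPLE_NAME)  # the shell runs the second command
  p run_via_argv(SAMPLE_NAME)   # the whole name stays one argument
  p viewer_argv("text/plain; charset=utf-8", SAMPLE_NAME, "/tmp/att")
end
```
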
    