Fedora 10: php-pear-Mail Security Update

    Date 30 Nov 2009
    Posted By LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-12439
    2009-12-01 03:23:06
    --------------------------------------------------------------------------------
    
    Name        : php-pear-Mail
    Product     : Fedora 10
    Version     : 1.1.14
    Release     : 5.fc10
    URL         : https://pear.php.net/package/Mail
    Summary     : Class that provides multiple interfaces for sending emails
    Description :
    PEAR's Mail package defines an interface for implementing mailers under the
    PEAR hierarchy.  It also provides supporting functions useful to multiple
    mailer backends.  Currently supported backends include: PHP's native
    mail() function, sendmail, and SMTP.  This package also provides a RFC822
    email address list validation utility class.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Fix CVE-2009-4023, CVE-2009-4111. PEAR's Mail class did not properly escape
    the content of mail header fields when using the sendmail backend. A remote
    attacker could send an email message with specially crafted headers to a local
    user, leading to disclosure of content and, potentially, to modification of
    arbitrary system files once the email message was processed by PEAR's Mail
    class.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Fri Nov 27 2009 Remi Collet  1.1.14-5
    - Fix CVE-2009-4023 (#540842)
    - rename Mail.xml to php-pear-Mail.xml
    * Sun Jul 26 2009 Fedora Release Engineering  - 1.1.14-4
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
    * Thu Feb 26 2009 Fedora Release Engineering  - 1.1.14-3
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields
            https://bugzilla.redhat.com/show_bug.cgi?id=540842
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update php-pear-Mail' at the command line.
    For more information, refer to "Managing Software with yum",
    available at https://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    https://www.redhat.com/mailman/listinfo/fedora-package-announce
    
