--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-12439
2009-12-01 03:23:06
--------------------------------------------------------------------------------

Name        : php-pear-Mail
Product     : Fedora 10
Version     : 1.1.14
Release     : 5.fc10
URL         : https://pear.php.net/package/Mail
Summary     : Class that provides multiple interfaces for sending emails
Description :
PEAR's Mail package defines an interface for implementing mailers under the
PEAR hierarchy.  It also provides supporting functions useful to multiple
mailer backends.  Currently supported backends include: PHP's native
mail() function, sendmail, and SMTP.  This package also provides a RFC822
email address list validation utility class.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2009-4023, CVE-2009-4111    PEAR's Mail class did not properly escape
content of mail header fields, when using the sendmail backend. A remote
attacker could send an email message, with specially-crafted headers to local
user, leading to disclosure of content and potentially, to modification of
arbitrary system file, once the email message was processed by the PEAR's Mail
class.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 27 2009 Remi Collet  1.1.14-5
- Fix CVE-2009-4023 (#540842)
- rename Mail.xml to php-pear-Mail.xml
* Sun Jul 26 2009 Fedora Release Engineering  - 1.1.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Feb 26 2009 Fedora Release Engineering  - 1.1.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields
        https://bugzilla.redhat.com/show_bug.cgi?id=540842
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update php-pear-Mail' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10: php-pear-Mail Security Update

December 1, 2009
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend

Summary

PEAR's Mail package defines an interface for implementing mailers under the

PEAR hierarchy. It also provides supporting functions useful to multiple

mailer backends. Currently supported backends include: PHP's native

mail() function, sendmail, and SMTP. This package also provides a RFC822

email address list validation utility class.

Update Information:

Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially-crafted headers to local user, leading to disclosure of content and potentially, to modification of arbitrary system file, once the email message was processed by the PEAR's Mail class.

Change Log

* Fri Nov 27 2009 Remi Collet 1.1.14-5 - Fix CVE-2009-4023 (#540842) - rename Mail.xml to php-pear-Mail.xml * Sun Jul 26 2009 Fedora Release Engineering - 1.1.14-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu Feb 26 2009 Fedora Release Engineering - 1.1.14-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

References

[ 1 ] Bug #540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields https://bugzilla.redhat.com/show_bug.cgi?id=540842

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-pear-Mail' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : php-pear-Mail
Product : Fedora 10
Version : 1.1.14
Release : 5.fc10
URL : https://pear.php.net/package/Mail
Summary : Class that provides multiple interfaces for sending emails

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved