Fedora 10: php-pear-Mail Security Update
Summary
PEAR's Mail package defines an interface for implementing mailers under the
PEAR hierarchy. It also provides supporting functions useful to multiple
mailer backends. Currently supported backends include: PHP's native
mail() function, sendmail, and SMTP. This package also provides a RFC822
email address list validation utility class.
Update Information:
Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially-crafted headers to local user, leading to disclosure of content and potentially, to modification of arbitrary system file, once the email message was processed by the PEAR's Mail class.
Change Log
* Fri Nov 27 2009 Remi Collet
References
[ 1 ] Bug #540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields https://bugzilla.redhat.com/show_bug.cgi?id=540842
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update php-pear-Mail' at the command line. For more information, refer to "Managing Software with yum", available at .