Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

Fedora 24: FEDORA-2016-b65e546846 Moderate: php-swiftmailer RCE Alert

fedora
Calendar Grey January 9, 2017
Dist Fedora Esm H88
A patch for php-swiftmailer in Fedora 24 addresses a severe remote code execution vulnerability, enhancing email safety.
**Version 5.4.5** (2016-12-29) * SECURITY FIX: fixed CVE-2016-10074 by disallowing potentially unsafe shell characters Prior to 5.4.5, the mail transport (Swift_Transport_MailTr...

Summary

Swift Mailer integrates into any web app written in PHP, offering a

flexible and elegant object-oriented approach to sending emails with

a multitude of features.

Autoloader: /usr/share/php/Swift/swift_required.php

Update Information:

**Version 5.4.5** (2016-12-29) * SECURITY FIX: fixed CVE-2016-10074 by disallowing potentially unsafe shell characters Prior to 5.4.5, the mail transport (Swift_Transport_MailTransport) was vulnerable to passing arbitrary shell arguments if the "From", "ReturnPath" or "Sender" header came from a non-trusted source, potentially allowing Remote Code Execution * deprecated the mail transport

Change Log

References


[ 1 ] Bug #1409517 - CVE-2016-10074 php-swiftmailer: Parameter injection via mail() function https://bugzilla.redhat.com/show_bug.cgi?id=1409517

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-swiftmailer' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important
Lowest
Low
Medium
High
Critical

Name: php-swiftmailer
Product: Fedora 24
Version: 5.4.5
Release: 1.fc24
Summary: Free Feature-rich PHP Mailer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.