Mageia 2024-0198: perl-Email-MIME Security Advisory Updates
Summary
An excessive memory use issue (CWE-770) exists in Email-MIME, before
version 1.954, which can cause denial of service when parsing multipart
MIME messages. The patch set (from 2020 and 2024) limits excessive depth
and the total number of parts. (CVE-2024-4140)
References
- https://bugs.mageia.org/show_bug.cgi?id=33248
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4140
Resolution
MGASA-2024-0198 - Updated perl-Email-MIME packages fix security vulnerabilities
SRPMS
- 9/core/perl-Email-MIME-1.954.0-1.mga9
![Dist Mageia](/images/distros/dist-mageia.jpg)