MGASA-2024-0198 - Updated perl-Email-MIME packages fix security vulnerabilities

Publication date: 29 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0198.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-4140

An excessive memory use issue (CWE-770) exists in Email-MIME, before
version 1.954, which can cause denial of service when parsing multipart
MIME messages. The patch set (from 2020 and 2024) limits excessive depth
and the total number of parts. (CVE-2024-4140)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33248
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4140

SRPMS:
- 9/core/perl-Email-MIME-1.954.0-1.mga9

Mageia 2024-0198: perl-Email-MIME Security Advisory Updates

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages

Summary

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts. (CVE-2024-4140)

References

- https://bugs.mageia.org/show_bug.cgi?id=33248

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4140

Resolution

MGASA-2024-0198 - Updated perl-Email-MIME packages fix security vulnerabilities

SRPMS

- 9/core/perl-Email-MIME-1.954.0-1.mga9

Severity
Publication date: 29 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0198.html
Type: security
CVE: CVE-2024-4140

Related News