MGASA-2024-0198 - Updated perl-Email-MIME packages fix security vulnerabilities

Publication date: 29 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0198.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-4140

An excessive memory use issue (CWE-770) exists in Email-MIME, before
version 1.954, which can cause denial of service when parsing multipart
MIME messages. The patch set (from 2020 and 2024) limits excessive depth
and the total number of parts. (CVE-2024-4140)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33248
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4140

SRPMS:
- 9/core/perl-Email-MIME-1.954.0-1.mga9

Mageia 2024-0198: perl-Email-MIME Security Advisory Updates

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages

Summary

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts. (CVE-2024-4140)

References

- https://bugs.mageia.org/show_bug.cgi?id=33248

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4140

Resolution

MGASA-2024-0198 - Updated perl-Email-MIME packages fix security vulnerabilities

SRPMS

- 9/core/perl-Email-MIME-1.954.0-1.mga9

Severity
Publication date: 29 May 2024
URL: https://advisories.mageia.org/MGASA-2024-0198.html
Type: security
CVE: CVE-2024-4140

Related News

32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
1.Penguin Landscape Esm H170
2 - 3 min read
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity,
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
11.Locks IsometricPattern Esm H170
2 - 4 min read
Linux Mint is a user-friendly GNU/Linux desktop distribution built upon Ubuntu and Debian for maximum reliability while offering an aesthetically
32.Lock Code Circular Esm H170
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
27.Tablet Connections Blocks Lock Esm H170
2 - 4 min read
Debian recently unveiled a significant update to its stable distribution, Debian 12.6 (codename "bookworm"). While not an entirely new release, this
8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12
14.Lock Code WorldMap Esm H170
2 - 4 min read
Government agencies are drawing attention to an issue plaguing open-source communities: memory-unsafe languages. A study entitled " Exploring Memory

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved