
Scientific Linux: 2014:1999-1 Moderate: mailx Command Issue

Moderate: mailx security update
Date: Mon, 15 Dec 2014 18:15:18 -0600
Reply-To: "SCIENTIFIC-LINUX-USERS@"
 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: SCL 1.2 on SL6.x, SL7.x x86_64 now available

Scientific Linux Software Collection Library 1.2 on SL6.x, SL7.x x86_64

== Introduction =

The publication of the Software Collection Library 1.2 on SL6.x, SL7.x
x86_64 is now complete.

Software Collections give you power to build, install, and use multiple
versions of software on the same system, without affecting system-wide
installed packages.

== Publication Information =

This release includes:
 - devassist09
 - devtoolset-3
 - binutils
 - dwz
 - dyninst
 - eclipse
 - elfutils
 - gcc
 - gdb
 - memstomp
 - valgrind
 - git19
 - httpd24
 - mariadb55
 - maven30
 - mongodb24
 - mysql55
 - nginx14
 - nginx16
 - nodejs010
 - perl516
 - php54
 - php55
 - postgresql92
 - python27
 - python33
 - ror40
 - ruby193
 - ruby200
 - thermostat1
 - v8314
Date: Tue, 16 Dec 2014 09:17:21 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
 resource-agents-3.9.5-12.el6_6.1.i686.rpm

x86_64:
 resource-agents-3.9.5-12.el6_6.1.x86_64.rpm
 resource-agents-sap-3.9.5-12.el6_6.1.x86_64.rpm
Date: Tue, 16 Dec 2014 09:36:33 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
 gcc44-4.4.7-11.el5_11.i386.rpm
 gcc44-c++-4.4.7-11.el5_11.i386.rpm
 gcc44-gfortran-4.4.7-11.el5_11.i386.rpm
 libgfortran44-4.4.7-11.el5_11.i386.rpm
 libgomp-4.4.7-11.el5_11.i386.rpm
 libstdc++44-devel-4.4.7-11.el5_11.i386.rpm

x86_64:
 gcc44-4.4.7-11.el5_11.x86_64.rpm
 gcc44-c++-4.4.7-11.el5_11.x86_64.rpm
 gcc44-gfortran-4.4.7-11.el5_11.x86_64.rpm
 libgfortran44-4.4.7-11.el5_11.i386.rpm
 libgfortran44-4.4.7-11.el5_11.x86_64.rpm
 libgomp-4.4.7-11.el5_11.i386.rpm
 libgomp-4.4.7-11.el5_11.x86_64.rpm
 libstdc++44-devel-4.4.7-11.el5_11.i386.rpm
 libstdc++44-devel-4.4.7-11.el5_11.x86_64.rpm
Date: Tue, 16 Dec 2014 09:41:10 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
 ibus-kkc-1.5.18-5.el7.x86_64.rpm
 libcacard-1.5.3-60.el7_0.11.i686.rpm
 libcacard-1.5.3-60.el7_0.11.x86_64.rpm
 libcacard-devel-1.5.3-60.el7_0.11.i686.rpm
 libcacard-devel-1.5.3-60.el7_0.11.x86_64.rpm
 libcacard-tools-1.5.3-60.el7_0.11.x86_64.rpm
 libgudev1-208-11.el7_0.5.i686.rpm
 libgudev1-208-11.el7_0.5.x86_64.rpm
 libgudev1-devel-208-11.el7_0.5.i686.rpm
 libgudev1-devel-208-11.el7_0.5.x86_64.rpm
 libkkc-0.3.1-5.el7.i686.rpm
 libkkc-0.3.1-5.el7.x86_64.rpm
 libkkc-common-0.3.1-5.el7.noarch.rpm
 libkkc-data-0.3.1-5.el7.x86_64.rpm
 libkkc-devel-0.3.1-5.el7.i686.rpm
 libkkc-devel-0.3.1-5.el7.x86_64.rpm
 libkkc-tools-0.3.1-5.el7.x86_64.rpm
 libpcap-1.5.3-3.el7_0.1.i686.rpm
 libpcap-1.5.3-3.el7_0.1.x86_64.rpm
 libpcap-devel-1.5.3-3.el7_0.1.i686.rpm
 libpcap-devel-1.5.3-3.el7_0.1.x86_64.rpm
 NetworkManager-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
 NetworkManager-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
 NetworkManager-config-server-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
 NetworkManager-devel-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
 NetworkManager-devel-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
 NetworkManager-glib-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
 NetworkManager-glib-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
 NetworkManager-glib-devel-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
 NetworkManager-glib-devel-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
 NetworkManager-tui-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
 opencryptoki-3.0-11.el7_0.1.i686.rpm
 opencryptoki-3.0-11.el7_0.1.x86_64.rpm
 opencryptoki-devel-3.0-11.el7_0.1.i686.rpm
 opencryptoki-devel-3.0-11.el7_0.1.x86_64.rpm
 opencryptoki-icsftok-3.0-11.el7_0.1.i686.rpm
 opencryptoki-icsftok-3.0-11.el7_0.1.x86_64.rpm
 opencryptoki-libs-3.0-11.el7_0.1.i686.rpm
 opencryptoki-libs-3.0-11.el7_0.1.x86_64.rpm
 opencryptoki-swtok-3.0-11.el7_0.1.i686.rpm
 opencryptoki-swtok-3.0-11.el7_0.1.x86_64.rpm
 opencryptoki-tpmtok-3.0-11.el7_0.1.i686.rpm
 opencryptoki-tpmtok-3.0-11.el7_0.1.x86_64.rpm
 publican-3.2.0-4.el7.noarch.rpm
 publican-common-db5-web-3.2.0-4.el7.noarch.rpm
 publican-common-web-3.2.0-4.el7.noarch.rpm
 publican-doc-3.2.0-4.el7.noarch.rpm
 qemu-guest-agent-1.5.3-60.el7_0.11.x86_64.rpm
 qemu-img-1.5.3-60.el7_0.11.x86_64.rpm
 qemu-kvm-1.5.3-60.el7_0.11.x86_64.rpm
 qemu-kvm-common-1.5.3-60.el7_0.11.x86_64.rpm
 qemu-kvm-tools-1.5.3-60.el7_0.11.x86_64.rpm
 sl-release-7.0-2.2.sl7.x86_64.rpm
 spice-server-0.12.4-5.el7_0.1.x86_64.rpm
 spice-server-devel-0.12.4-5.el7_0.1.x86_64.rpm
 systemd-208-11.el7_0.5.x86_64.rpm
 systemd-devel-208-11.el7_0.5.i686.rpm
 systemd-devel-208-11.el7_0.5.x86_64.rpm
 systemd-journal-gateway-208-11.el7_0.5.x86_64.rpm
 systemd-libs-208-11.el7_0.5.i686.rpm
 systemd-libs-208-11.el7_0.5.x86_64.rpm
 systemd-python-208-11.el7_0.5.x86_64.rpm
 systemd-sysv-208-11.el7_0.5.x86_64.rpm
 yum-conf-sl7x-7.0-2.2.sl7.noarch.rpm
Date: Tue, 16 Dec 2014 21:27:26 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: mailx on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: mailx security update
Advisory ID: SLSA-2014:1999-1
Issue Date: 2014-12-16
CVE Numbers: CVE-2004-2771
 CVE-2014-7844
--

A flaw was found in the way mailx handled the parsing of email addresses.
A syntactically valid email address could allow a local attacker to cause
mailx to execute arbitrary shell commands through shell meta-characters
and the direct command execution functionality. (CVE-2004-2771,
CVE-2014-7844)

Note: Applications using mailx to send email to addresses obtained from
untrusted sources will still remain vulnerable to other attacks if they
accept email addresses which start with "-" (so that they can be confused
with mailx options). To counteract this issue, this update also introduces
the "--" option, which will treat the remaining command line arguments as
email addresses.
--

SL6
 x86_64
 mailx-12.4-8.el6_6.x86_64.rpm
 mailx-debuginfo-12.4-8.el6_6.x86_64.rpm
 i386
 mailx-12.4-8.el6_6.i686.rpm
 mailx-debuginfo-12.4-8.el6_6.i686.rpm
SL7
 x86_64
 mailx-12.5-12.el7_0.x86_64.rpm
 mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

- Scientific Linux Development Team
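
The advisory's note about addresses that start with "-" applies to any application that hands untrusted recipients to mailx. The following is an added example, not code from the advisory or from Scientific Linux: a caller-side check plus argument construction that uses the "--" option. It assumes the updated mailx packages listed above are installed; the function names and the address allowlist are this example's own choices.

```python
import re
import subprocess

# Conservative allowlist (an assumption of this example, stricter than RFC 5322):
# whitespace, quotes and shell meta-characters cannot match.
_ADDR_RE = re.compile(
    r"[A-Za-z0-9_][A-Za-z0-9._+-]*@[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?"
)


def is_safe_recipient(addr):
    """True only for addresses that cannot be read as an option or a command."""
    if not isinstance(addr, str) or len(addr) > 254:
        return False
    if addr.startswith("-"):  # would be confused with a mailx option
        return False
    return _ADDR_RE.fullmatch(addr) is not None


def build_mailx_argv(subject, recipients, mailx="mailx"):
    """Return the argv list for mailx, or raise ValueError on unsafe input."""
    recipients = list(recipients)
    if not recipients:
        raise ValueError("no recipients")
    bad = [r for r in recipients if not is_safe_recipient(r)]
    if bad:
        raise ValueError(f"rejected recipient(s): {bad!r}")
    if "\n" in subject or "\r" in subject:
        raise ValueError("subject contains a line break")
    # "--" ends option parsing: the remaining arguments are email addresses.
    return [mailx, "-s", subject, "--", *recipients]


def send(subject, body, recipients):
    """Send body via mailx; validation happens before anything is executed."""
    argv = build_mailx_argv(subject, recipients)
    # argv is passed as a list without shell=True, so no address is
    # ever interpreted by /bin/sh on its way to mailx.
    return subprocess.run(argv, input=body.encode(), check=True)
```
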
