Stay Secure with the Latest Linux Advisories

security advisoryfedoraprivilege escalation

CentOS 8: 2019-b1c3dacabc Critical: Kernel Memory Leak Vulnerability

MIMEDefang 2.81 Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch). * Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-400f199e15 2017-09-30 05:57:53.204390 --------------------------------------------------------------------------------Name : mimedefang Product : Fedora 27 Version : 2.81 Release : 1.fc27 URL : https://mimedefang.org/ Summary : E-Mail filtering framework using Sendmail's Milter interface Description : MIMEDefang is an e-mail filter program which works with Sendmail 8.12 and later. It filters all e-mail messages sent via SMTP. MIMEDefang splits multi-part MIME messages into their components and potentially deletes or modifies the various parts. It then reassembles the parts back into an e-mail message and sends it on its way. There are some caveats you should be aware of before using MIMEDefang. MIMEDefang potentially alters e-mail messages. This breaks a "gentleman's agreement" that mail transfer agents do not modify message bodies. This could cause problems, for example, with encrypted or signed messages. --------------------------------------------------------------------------------Update Information: MIMEDefang 2.81 =============== * Don't barf if the installed version of Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch). * Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out. --------------------------------------------------------------------------------References: [ 1 ] Bug #1487543 - CVE-2017-14102 mimedefang: Privilege escalation via PID file manipulation https://bugzilla.redhat.com/show_bug.cgi?id=1487543 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mimedefang' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Discover the critical mimedefang security update for Fedora 27 addressing privilege escalation risks.. MIMEDefang Security,Fedora 27 Update,Email Filtering Framework. . Severity: Critical. LinuxSecurity.com Team

Sep 30, 2017 •Critical Fedora