Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisorycriticalFedoraFedora 32 2020-06e87e71fe Critical: php-PHPMailer CVE-2020-13625 Fix
Fix CVE-2020-13625 vulnerability.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-06e87e71fe 2020-07-01 01:48:22.588196 --------------------------------------------------------------------------------Name : php-PHPMailer Product : Fedora 32 Version : 5.2.28 Release : 2.fc32 URL : https://github.com/PHPMailer/PHPMailer Summary : PHP email transport class with a lot of features Description : Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails for mail clients that do not read HTML email. * Flexible debugging. * Custom mail headers. * Redundant SMTP servers. * Support for 8bit, base64, binary, and quoted-printable encoding. * Word wrap. * Multiple fs, string, and binary attachments (those from database, string, etc). * SMTP authentication. * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail, Imail, Exchange, etc. * Good documentation, many examples included in download. * It's swift, small, and simple. --------------------------------------------------------------------------------Update Information: Fix CVE-2020-13625 vulnerability. --------------------------------------------------------------------------------ChangeLog: * Sun Jun 21 2020 Patrick Monnerat 5.2.28-2 - Patch "cve2020-13625" fixes CVE-2020-13625 vulnerability. This is a backport of https://github.com/PHPMailer/PHPMailer/commit/c2796cb. https://bugzilla.redhat.com/show_bug.cgi?id=1848842 --------------------------------------------------------------------------------References: [ 1 ] Bug #1848842 - CVE-2020-13625 php-PHPMailer: output escaping could resultin the file type being misinterpreted [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1848842 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-06e87e71fe' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 30, 2020
•Critical
Fedora
89
security advisoryfedoraemail securityFedora 32: FEDORA-2020-d67df93aa6 Critical: phpMailer Output Escaping
This is a security release, with some other minor changes. For full details, refer to the [advisory](- fqxw-rvvj). * **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-d67df93aa6 2020-06-07 19:44:49.164275 --------------------------------------------------------------------------------Name : php-phpmailer6 Product : Fedora 32 Version : 6.1.6 Release : 2.fc32 URL : https://github.com/PHPMailer/PHPMailer Summary : Full-featured email creation and transfer class for PHP Description : PHPMailer - A full-featured email creation and transfer class for PHP Class Features * Probably the world's most popular code for sending email from PHP! * Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more * Integrated SMTP support - send without a local mail server * Send emails with multiple To, CC, BCC and Reply-to addresses * Multipart/alternative emails for mail clients that do not read HTML email * Add attachments, including inline * Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings * SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports * Validates email addresses automatically * Protect against header injection attacks * Error messages in 47 languages! * DKIM and S/MIME signing support * Compatible with PHP 5.5 and later * Namespaced to prevent name clashes * Much more! Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php --------------------------------------------------------------------------------Update Information: This is a security release, with some other minor changes. For full details, refer to the [advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj). * **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified Security. * Correct Armenian ISO language code from am to hy, add mapping for fallback * Use correct timeout property in debug output --------------------------------------------------------------------------------ChangeLog: * Wed May 27 2020 Remi Collet - 6.1.6-2 - update to 6.1.6 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-d67df93aa6' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 07, 2020
•Critical
Fedora
89
security advisoryfedoracriticalFedora 31: 2020-6d2e1105f2 Critical Threat: File Attachment Escape
This is a security release, with some other minor changes. For full details, refer to the [advisory](- fqxw-rvvj). * **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-6d2e1105f2 2020-06-07 19:44:15.413945 --------------------------------------------------------------------------------Name : php-phpmailer6 Product : Fedora 31 Version : 6.1.6 Release : 1.fc31 URL : https://github.com/PHPMailer/PHPMailer Summary : Full-featured email creation and transfer class for PHP Description : PHPMailer - A full-featured email creation and transfer class for PHP Class Features * Probably the world's most popular code for sending email from PHP! * Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more * Integrated SMTP support - send without a local mail server * Send emails with multiple To, CC, BCC and Reply-to addresses * Multipart/alternative emails for mail clients that do not read HTML email * Add attachments, including inline * Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings * SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports * Validates email addresses automatically * Protect against header injection attacks * Error messages in 47 languages! * DKIM and S/MIME signing support * Compatible with PHP 5.5 and later * Namespaced to prevent name clashes * Much more! Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php --------------------------------------------------------------------------------Update Information: This is a security release, with some other minor changes. For full details, refer to the [advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj). * **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified Security. * Correct Armenian ISO language code from am to hy, add mapping for fallback * Use correct timeout property in debug output --------------------------------------------------------------------------------ChangeLog: * Wed May 27 2020 Remi Collet - 6.1.6-1 - update to 6.1.6 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-6d2e1105f2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 07, 2020
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!