Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisoryfedorasoftware updateFedora 33: Moderate Severity in PHP Mailer Remote Code Execution Alert
**Version 6.5.0** (June 16th, 2021) * **SECURITY** Fixes **CVE-2021-34551**, a complex RCE affecting Windows hosts. See SECURITY.md for details. * The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in them will not be run, including operations such as concatenation using the `.`. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-ef548cb234 2021-06-26 01:07:30.334853 --------------------------------------------------------------------------------Name : php-phpmailer6 Product : Fedora 33 Version : 6.5.0 Release : 1.fc33 URL : https://github.com/PHPMailer/PHPMailer Summary : Full-featured email creation and transfer class for PHP Description : PHPMailer - A full-featured email creation and transfer class for PHP Class Features * Probably the world's most popular code for sending email from PHP! * Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more * Integrated SMTP support - send without a local mail server * Send emails with multiple To, CC, BCC and Reply-to addresses * Multipart/alternative emails for mail clients that do not read HTML email * Add attachments, including inline * Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings * SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports * Validates email addresses automatically * Protect against header injection attacks * Error messages in 47 languages! * DKIM and S/MIME signing support * Compatible with PHP 5.5 and later * Namespaced to prevent name clashes * Much more! Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php --------------------------------------------------------------------------------Update Information: **Version 6.5.0** (June 16th, 2021) ***SECURITY** Fixes **CVE-2021-34551**, a complex RCE affecting Windows hosts. See SECURITY.md for details. * The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in them will not be run, including operations such as concatenation using the `.` operator. * *Deprecation* The current translation file format using PHP arrays is now deprecated; the next major version will introduce a new format. * **SECURITY** Fixes **CVE-2021-3603** that may permit untrusted code to be run from an address validator. See SECURITY.md for details. * The fix for this issue includes a minor BC break: callables injected into `validateAddress`, or indirectly through the `$validator` class property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name. * Haraka message ID strings are now recognised --------------------------------------------------------------------------------ChangeLog: * Thu Jun 17 2021 Remi Collet - 6.5.0-1 - update to 6.5.0 --------------------------------------------------------------------------------References: [ 1 ] Bug #1973425 - CVE-2021-3603 php-PHPMailer: inclusion of functionality from untrusted control sphere vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1973425 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-ef548cb234' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 25, 2021
•Important
Fedora
197
security advisorydebianpackage updateDebian LTS: DLA-2244-1 Release for libphp-phpmailer - Medium Escaping Flaw
It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. . Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u6 CVE ID : CVE-2020-13625 It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The `Content-Type` and `Content-Disposition` headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. For more information, please see the following URL: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj For Debian 8 "Jessie", this issue has been fixed in libphp-phpmailer version 5.2.9+dfsg-2+deb8u6. We recommend that you upgrade your libphp-phpmailer packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Regards, - -- ,'`. : :' : Chris Lamb `. `'`
Jun 11, 2020
•Medium
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!