Debian LTS Advisory DLA-2731-1

One security issue affects WordPress, a weblog manager, in versions between 3.7 and 5.7. This update fixes the following security issue:

- Object injection in PHPMailer (CVE-2020-36326 and CVE-2018-19296).
MGASA-2021-0345 - Updated php-phpmailer package fixes security vulnerability

Publication date: 12 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0345.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-3603

PHPMailer contained a vulnerability that can result in untrusted code being called (CVE-2021-3603). See upstream release notes.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29183
- https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0
- https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-77mr-wc79-m8j3
- https://www.cve.org/CVERecord?id=CVE-2021-3603

SRPMS:
- 7/core/php-phpmailer-6.5.0-1.mga7
- 8/core/php-phpmailer-6.5.0-1.mga8

The revised php-phpmailer library addresses a security flaw in Mageia 7 and 8, mitigating the risk of unauthorized code execution. PHPMailer Security Patch, Mageia Update, Untrusted Code Execution. Severity: Medium. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-bfc34b3d5c
2021-06-26 01:00:34.124221
--------------------------------------------------------------------------------

Name        : php-phpmailer6
Product     : Fedora 34
Version     : 6.5.0
Release     : 1.fc34
URL         : https://github.com/PHPMailer/PHPMailer
Summary     : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP

Class Features
* Probably the world's most popular code for sending email from PHP!
* Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
* Integrated SMTP support - send without a local mail server
* Send emails with multiple To, CC, BCC and Reply-to addresses
* Multipart/alternative emails for mail clients that do not read HTML email
* Add attachments, including inline
* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings
* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports
* Validates email addresses automatically
* Protect against header injection attacks
* Error messages in 47 languages!
* DKIM and S/MIME signing support
* Compatible with PHP 5.5 and later
* Namespaced to prevent name clashes
* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

--------------------------------------------------------------------------------
Update Information:

**Version 6.5.0** (June 16th, 2021)
* **SECURITY** Fixes **CVE-2021-34551**, a complex RCE affecting Windows hosts. See SECURITY.md for details.
* The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in them will not be run, including operations such as concatenation using the `.` operator.
* *Deprecation* The current translation file format using PHP arrays is now deprecated; the next major version will introduce a new format.
* **SECURITY** Fixes **CVE-2021-3603** that may permit untrusted code to be run from an address validator. See SECURITY.md for details.
* The fix for this issue includes a minor BC break: callables injected into `validateAddress`, or indirectly through the `$validator` class property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name.
* Haraka message ID strings are now recognised
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 17 2021 Remi Collet - 6.5.0-1
- update to 6.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1973425 - CVE-2021-3603 php-PHPMailer: inclusion of functionality from untrusted control sphere vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1973425
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-bfc34b3d5c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
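As an added illustration of the `validateAddress` change described in the 6.5.0 notes (this is example code, not part of the Fedora notice or of the PHPMailer project): the pre-6.5.0 habit of injecting a validator as a bare function-name string, beside the closure form the release notes ask for. The sender-domain allow-list and the sample addresses are constructed for this example; the autoloader path is the one the notice lists.

```php
<?php
// Added example; not code from the advisory or from PHPMailer itself.
use PHPMailer\PHPMailer\PHPMailer;

require '/usr/share/php/PHPMailer/PHPMailer6/autoload.php'; // path from the Fedora notice

// Before 6.5.0 a validator could be injected as a plain function name. From 6.5.0
// string callables are no longer accepted (the "minor BC break" in the release notes):
// a string reaching $validator could otherwise select which function gets called,
// which is the CVE-2021-3603 problem the fix closes.
// PHPMailer::$validator = 'my_validator';   // string callable: not accepted from 6.5.0

// 6.5.0+ form: inject a closure. The target function is fixed when the code is
// written, so no runtime string can redirect it. This one layers a constructed
// allow-list of sender domains over PHP's built-in email syntax check.
$allowedDomains = ['example.org', 'mail.example.org']; // constructed for this example

PHPMailer::$validator = static function (string $address) use ($allowedDomains): bool {
    // Reject anything that is not a syntactically valid address first.
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Then require the domain part to be on the allow-list (case-insensitive).
    $domain = strtolower(substr(strrchr($address, '@'), 1));
    return in_array($domain, $allowedDomains, true);
};

// validateAddress() with no explicit pattern falls back to the injected validator,
// so every address PHPMailer accepts passes through the closure above.
var_dump(PHPMailer::validateAddress('user@example.org'));   // allow-listed domain
var_dump(PHPMailer::validateAddress('user@attacker.test')); // domain outside the allow-list
var_dump(PHPMailer::validateAddress('not an address'));     // fails the syntax check
```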
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-ecf4fed550
2021-05-12 16:12:14.610254
--------------------------------------------------------------------------------

Name        : php-phpmailer6
Product     : Fedora 33
Version     : 6.4.1
Release     : 1.fc33
URL         : https://github.com/PHPMailer/PHPMailer
Summary     : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP

Class Features
* Probably the world's most popular code for sending email from PHP!
* Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
* Integrated SMTP support - send without a local mail server
* Send emails with multiple To, CC, BCC and Reply-to addresses
* Multipart/alternative emails for mail clients that do not read HTML email
* Add attachments, including inline
* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings
* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports
* Validates email addresses automatically
* Protect against header injection attacks
* Error messages in 47 languages!
* DKIM and S/MIME signing support
* Compatible with PHP 5.5 and later
* Namespaced to prevent name clashes
* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

--------------------------------------------------------------------------------
Update Information:

**Version 6.4.1** (April 29th, 2021)
* **SECURITY** Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details
* Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLs using schemes such as `ssh2`
* Ensure method signature consistency in `doCallback` calls
* Ukrainian language update
* Add composer scripts for checking coding standards and running tests
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 3 2021 Remi Collet - 6.4.1-1
- update to 6.4.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1955757 - CVE-2020-36326 php-phpmailer6: Object injection through Phar Deserialization via addAttachment with a UNC pathname [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1955757
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-ecf4fed550' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-b21bbfa198
2021-05-12 05:41:31.251870
--------------------------------------------------------------------------------

Name        : php-phpmailer6
Product     : Fedora 34
Version     : 6.4.1
Release     : 1.fc34
URL         : https://github.com/PHPMailer/PHPMailer
Summary     : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP
(Class Features as listed in the notices above.)

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

--------------------------------------------------------------------------------
Update Information:

**Version 6.4.1** (April 29th, 2021)
* **SECURITY** Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details
* Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLs using schemes such as `ssh2`
* Ensure method signature consistency in `doCallback` calls
* Ukrainian language update
* Add composer scripts for checking coding standards and running tests
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 3 2021 Remi Collet - 6.4.1-1
- update to 6.4.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1955757 - CVE-2020-36326 php-phpmailer6: Object injection through Phar Deserialization via addAttachment with a UNC pathname [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1955757
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-b21bbfa198' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
=========================================================================
Ubuntu Security Notice USN-4505-1
September 16, 2020

libphp-phpmailer vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Attachments with specially crafted filenames could bypass filename-based mail attachment filters.

Software Description:
- libphp-phpmailer: full featured email transfer class for PHP

Details:

Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. (CVE-2020-13625)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  libphp-phpmailer                5.2.14+dfsg-2.3+deb9u2build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4505-1
  CVE-2020-13625

Package Information:
  https://launchpad.net/ubuntu/+source/libphp-phpmailer/5.2.14+dfsg-2.3+deb9u2build0.18.04.1

A critical PHPMailer vulnerability affects Ubuntu 18.04 LTS, allowing remote attackers potential unauthorized actions. Update to mitigate risks promptly. PHPMailer Exploit, Ubuntu Security Notice, Email Attachment Risk. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-d67df93aa6
2020-06-07 19:44:49.164275
--------------------------------------------------------------------------------

Name        : php-phpmailer6
Product     : Fedora 32
Version     : 6.1.6
Release     : 2.fc32
URL         : https://github.com/PHPMailer/PHPMailer
Summary     : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP
(Class Features as listed in the notices above.)

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

--------------------------------------------------------------------------------
Update Information:

This is a security release, with some other minor changes. For full details, refer to the [advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj).

* **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified Security.
* Correct Armenian ISO language code from am to hy, add mapping for fallback
* Use correct timeout property in debug output
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2020 Remi Collet - 6.1.6-2
- update to 6.1.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d67df93aa6' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-6d2e1105f2
2020-06-07 19:44:15.413945
--------------------------------------------------------------------------------

Name        : php-phpmailer6
Product     : Fedora 31
Version     : 6.1.6
Release     : 1.fc31
URL         : https://github.com/PHPMailer/PHPMailer
Summary     : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP
(Class Features as listed in the notices above.)

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

--------------------------------------------------------------------------------
Update Information:

This is a security release, with some other minor changes. For full details, refer to the [advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj).

* **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified Security.
* Correct Armenian ISO language code from am to hy, add mapping for fallback
* Use correct timeout property in debug output
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2020 Remi Collet - 6.1.6-1
- update to 6.1.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-6d2e1105f2' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list