Fedora 10 Security Update: php-pear-Mail-1.1.14-5.fc10

Article Source: Fedora 10 Security Updates
November 30, 2009, 7:23 pm

Resolved Bugs
541964 – CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields [Fedora all]
540842 – CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields

Fix CVE-2009-4023, CVE-2009-4111: PEAR’s Mail class did not properly escape the content of mail header fields when using the sendmail backend. A remote attacker could send an email message with specially crafted headers to a local user, leading to disclosure of content and, potentially, to modification of an arbitrary system file once the email message was processed by PEAR’s Mail class…
