November 30, 2009

Fedora 10 Security Update: php-pear-Mail-1.1.14-5.fc10

Article Source Fedora 10 Security Updates
November 30, 2009, 7:23 pm

Resolved Bugs
541964 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields [Fedora all]
540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields

Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially-crafted headers to local user, leading to disclosure of content and potentially, to modification of arbitrary system file, once the email message was processed by the PEAR's Mail class...

Read More

Click Here!