Article Source Fedora 11 Security Updates
November 30, 2009, 7:20 pm
November 30, 2009, 7:20 pm
Resolved Bugs
541964 – CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields [Fedora all]
540842 – CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields
Fix CVE-2009-4023, CVE-2009-4111 PEAR’s Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially-crafted headers to local user, leading to disclosure of content and potentially, to modification of arbitrary system file, once the email message was processed by the PEAR’s Mail class…