Advisories ยป MGASA-2015-0484

Updated php-phpmailer packages fix CVE-2015-8476

Publication date: 24 Dec 2015
Modification date: 24 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8476

Description

Updated php-phpmailer package fixes security vulnerability:

Takeshi Terada discovered that PHPMailer accepted addresses containing line
breaks. This is valid in RFC5322, but allowing such addresses resulted in
invalid RFC5321 SMTP commands, permitting a kind of message injection attack
(CVE-2015-8476).

References

SRPMS

5/core