Updated php-phpmailer packages fix security vulnerabilities
Publication date: 27 Jan 2017
Modification date: 27 Jan 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-10033, CVE-2017-5223
Description
It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address (CVE-2016-10033). It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability if content passed to `msgHTML()` was sourced from unfiltered user input (CVE-2017-5223).
References
- https://bugs.mageia.org/show_bug.cgi?id=20069
- http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
- https://www.debian.org/security/2016/dsa-3750
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JTXZSKTKOWTVEXDS76R6GJGI3MLA2LL5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5223
SRPMS
5/core
- php-phpmailer-5.2.22-1.mga5