Advisories » MGASA-2014-0538

Updated nail package fixes security vulnerabilities

Publication date: 19 Dec 2014
Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2004-2771 , CVE-2014-7844

Description

Updated nail package fixes security vulnerabilities:

A flaw was found in the way mailx handled the parsing of email addresses.
A syntactically valid email address could allow a local attacker to cause
mailx to execute arbitrary shell commands through shell meta-characters and
the direct command execution functionality (CVE-2004-2771, CVE-2014-7844).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14828
• https://rhn.redhat.com/errata/RHSA-2014-1999.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844

SRPMS

4/core

• nail-12.4-9.1.mga4