Advisories » MGASA-2016-0019

Updated ruby-mail packages fix security vulnerability

Publication date: 15 Jan 2016
Modification date: 24 Mar 2026
Type: security
Affected Mageia releases : 5

Description

The Mail library does not impose a length limit on email addresses, so an
attacker can send a long spam message via a recipient address unless there
is a limit on the application's side. The attacker-injected message in the
recipient address is processed by the server. This type of vulnerability
can be real threats in inquiry forms, member signup forms, or any other
application that delivers an email to a user-specified email address
(bsc#959129)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17325
• http://openwall.com/lists/oss-security/2015/12/11/3
• http://lists.opensuse.org/opensuse-updates/2016-01/msg00013.html

SRPMS

5/core

• ruby-mail-2.5.4-9.1.mga5