Updated ruby-mail packages fix security vulnerability
Publication date: 15 Jan 2016
Modification date: 07 Mar 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-pending
Description
The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless the application enforces a limit of its own. The server processes the message the attacker injects into the recipient address. This type of vulnerability can be a real threat in inquiry forms, member signup forms, or any other application that delivers email to a user-specified address (bsc#959129).
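One way to enforce the application-side limit the description calls for, as an added example (not code from the Mail library or from this advisory). The `RecipientGuard` module and its reason symbols are hypothetical names; the length limits are those of RFC 5321, and refusing whitespace and control bytes is an extra assumption beyond the length limit the advisory describes.

```ruby
# Added example: recipient check for a signup or inquiry form (not Mail's API).
# RFC 5321 section 4.5.3.1 caps the local part at 64 octets; 254 octets keeps
# the whole address inside the 256-octet path limit, angle brackets included.
module RecipientGuard
  MAX_ADDRESS = 254
  MAX_LOCAL   = 64
  Result = Struct.new(:ok, :reason)

  # Validate a user-supplied recipient before it reaches the mailer.
  def self.check(raw)
    return Result.new(false, :not_a_string) unless raw.is_a?(String)
    addr = raw.b # count octets, not characters
    return Result.new(false, :empty) if addr.empty?
    return Result.new(false, :too_long) if addr.bytesize > MAX_ADDRESS
    # Assumption beyond the advisory: whitespace and control bytes are refused,
    # since a bare address never needs them.
    return Result.new(false, :forbidden_character) if addr.match?(/[\x00-\x20\x7f]/)
    local, sep, domain = addr.rpartition("@")
    return Result.new(false, :malformed) if sep.empty? || local.empty? || domain.empty?
    return Result.new(false, :local_part_too_long) if local.bytesize > MAX_LOCAL
    Result.new(true, nil)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = ["user@example.com", "#{'a' * 65}@example.com",
             "#{'a' * 10}@#{'b' * 250}.test", "user name@example.com"]
  samples.each do |s|
    r = RecipientGuard.check(s)
    puts format("%-24.24s ok=%-5s reason=%s", s, r.ok, r.reason.inspect)
  end
end
```

Call `RecipientGuard.check` on the form value and pass it to the mailer only when `ok` is true; log `reason` for rejected submissions so repeated oversized addresses show up in monitoring.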
References
SRPMS
5/core
- ruby-mail-2.5.4-9.1.mga5