Advisories » MGASA-2017-0322

Updated apache-commons-email packages fix security vulnerability

Publication date: 01 Sep 2017
Modification date: 01 Sep 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9801

Description

In apache-commons-email before 1.5, when a call-site passes a subject
for an email that contains line-breaks, the caller can add arbitrary
SMTP headers (CVE-2017-9801).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21435
• http://openwall.com/lists/oss-security/2017/08/01/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801

SRPMS

5/core

• apache-commons-email-1.3.1-4.1.mga5

6/core

• apache-commons-email-1.3.1-10.1.mga6