Advisories » MGASA-2024-0198

Updated perl-Email-MIME packages fix security vulnerabilities

Publication date: 29 May 2024
Modification date: 29 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-4140

Description

An excessive memory use issue (CWE-770) exists in Email-MIME, before
version 1.954, which can cause denial of service when parsing multipart
MIME messages. The patch set (from 2020 and 2024) limits excessive depth
and the total number of parts. (CVE-2024-4140)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33248
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFD5BWGYAVLW6IO4SUNLTJCFFLHZYQGT/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4140

SRPMS

9/core

• perl-Email-MIME-1.954.0-1.mga9