Debian Security Advisory 3750-2

Debian Security Advisory 3750-2: Posted Jan 3, 2017; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3750-2 - A functionally regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem.; tags | advisory; systems | linux, debian; advisories | CVE-2016-10033; SHA-256 | 89d8975f83a99d2bdaab1219b4564fd46284c201591c36d28866cee151b2244c; Download | Favorite | View

Debian Security Advisory 3750-2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3750-2                   security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst 
January 3, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libphp-phpmailer
CVE ID         : CVE-2016-10033
Debian Bug     : 849365

A functionally regression was discovered in some specific usage
scenarios of PHPMailer following the security update of DSA-3750. New
packages have been released which correct the problem. The original
advisory text follows for referecen.

Dawid Golunski discovered that PHPMailer, a popular library to send
email from PHP applications, allowed a remote attacker to execute
code if they were able to provide a crafted Sender address.

Note that for this issue also CVE-2016-10045 was assigned, which is a
regression in the original patch proposed for CVE-2016-10033. Because
the origial patch was not applied in Debian, Debian was not vulnerable
to CVE-2016-10045.

For the stable distribution (jessie), this problem has been fixed in
version 5.2.9+dfsg-2+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 5.2.14+dfsg-2.2.

We recommend that you upgrade your libphp-phpmailer packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJYa+25AAoJEFb2GnlAHawEUs8IAKYahU2KZMkzgjYBA1lmZ+2U
0GubkSidGQMkljRSXBzqCC/1+VZxHSvIDThLT8UkD8KCExoKrqtmilfFz65m2Eo4
kFVLMz0uG+sv9G9pd4dPlkWusvQVLZaP7xceqqVlIbvmAjNoAJJQ3C8nXLJFqPW+
x7g/QHK6q4QzC5aOJCgHuTxsG3geTKI1aa4TfMtK9Akusk7QM8GmPjJW3F9vt19V
+XW0SLmhPT7W/GY5PaYfNtZmrnhWCltSpMMsANkaHSEyqqMe7arPyhbdbZnh5Y3E
PrNOK2sIEWI/P3PXm0w93z0T2pFLSjLXHD72rGtIvPy8PWmt76QnFocNE4dpwFY=
=HZaN
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 229 files
indoushka 167 files
Jay Turla 150 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Debian Security Advisory 3750-2

Debian Security Advisory 3750-2

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3750-2

Share This

Debian Security Advisory 3750-2

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems