Sicherheit: Ausführen von Code mit höheren Privilegien in MIMEDefang
Aktuelle Meldungen Distributionen
Name: Ausführen von Code mit höheren Privilegien in MIMEDefang
ID: FEDORA-2017-77e8bc720a
Distribution: Fedora
Plattformen: Fedora 26
Datum: Mi, 13. September 2017, 06:26
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14102
Applikationen: MIMEDefang



Fedora Update Notification
2017-09-12 20:12:34.166487

Name : mimedefang
Product : Fedora 26
Version : 2.81
Release : 1.fc26
URL : https://mimedefang.org/
Summary : E-Mail filtering framework using Sendmail's Milter interface
Description :
MIMEDefang is an e-mail filter program which works with Sendmail 8.12
and later. It filters all e-mail messages sent via SMTP. MIMEDefang
splits multi-part MIME messages into their components and potentially
deletes or modifies the various parts. It then reassembles the parts
back into an e-mail message and sends it on its way.

There are some caveats you should be aware of before using MIMEDefang.
MIMEDefang potentially alters e-mail messages. This breaks a
agreement" that mail transfer agents do not modify message bodies. This
could cause problems, for example, with encrypted or signed messages.


Update Information:

MIMEDefang 2.81 =============== * Don't barf if the installed version
Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch). *
mimedefang and mimedefang-multiplexor write their PID files as root to avoid
unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for
pointing this issue out.


[ 1 ] Bug #1487543 - CVE-2017-14102 mimedefang: Privilege escalation via PID
file manipulation

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade mimedefang' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten