Sicherheit: Zwei Probleme in php-phpmailer6
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in php-phpmailer6
ID: FEDORA-2021-ecf4fed550
Distribution: Fedora
Plattformen: Fedora 33
Datum: Mi, 12. Mai 2021, 23:44
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
Applikationen: PHPMailer


Fedora Update Notification
2021-05-12 16:12:14.610254

Name : php-phpmailer6
Product : Fedora 33
Version : 6.4.1
Release : 1.fc33
URL : https://github.com/PHPMailer/PHPMailer
Summary : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP

Class Features
* Probably the world's most popular code for sending email from PHP!
* Used by many open-source projects:
WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
* Integrated SMTP support - send without a local mail server
* Send emails with multiple To, CC, BCC and Reply-to addresses
* Multipart/alternative emails for mail clients that do not read HTML email
* Add attachments, including inline
* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable
* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms
over SSL and SMTP+STARTTLS transports
* Validates email addresses automatically
* Protect against header injection attacks
* Error messages in 47 languages!
* DKIM and S/MIME signing support
* Compatible with PHP 5.5 and later
* Namespaced to prevent name clashes
* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

Update Information:

**Version 6.4.1** (April 29th, 2021) * **SECURITY** Fixes CVE-2020-36326, a
regression of CVE-2018-19296 object injection introduced in 6.1.8, see
SECURITY.md for details * Reject more file paths that look like URLs, matching
RFC3986 spec, blocking URLS using schemes such as `ssh2` * Ensure method
signature consistency in `doCallback` calls * Ukrainian language update * Add
composer scripts for checking coding standards and running tests

* Mon May 3 2021 Remi Collet <remi@remirepo.net> - 6.4.1-1
- update to 6.4.1

[ 1 ] Bug #1955757 - CVE-2020-36326 php-phpmailer6: Object injection through
Phar Deserialization via addAttachment with a UNC pathname [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-ecf4fed550' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Pro-Linux @Facebook
Neue Nachrichten