openSUSE-SU-2018:0370-1

Опубликовано: 06 фев. 2018

Источник: suse-cvrf

Описание

Security update for apache-commons-email

This update for apache-commons-email fixes one issues.

This security issue was fixed:

CVE-2018-1294: Added validation to prevent information disclosure via unchecked bounce addresses (boo#1077893).

Список пакетов

openSUSE Leap 42.3

apache-commons-email-1.2-10.1

apache-commons-email-javadoc-1.2-10.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-02/msg00015.html
E-Mail link for openSUSE-SU-2018:0370-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).

Затронутые продукты

openSUSE Leap 42.3:apache-commons-email-1.2-10.1

openSUSE Leap 42.3:apache-commons-email-javadoc-1.2-10.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1294.html
CVE-2018-1294
https://bugzilla.suse.com/1077893
SUSE Bug 1077893

openSUSE-SU-2018:0370-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-1294

Описание

Затронутые продукты

Ссылки