Package name
php-pear-Mail
Date
2010-01-25
Advisory ID
MDVSA-2010:025
Affected versions
2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.0 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in php-pear
(Mail):

Argument injection vulnerability in the sendmail implementation of
the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14
for PEAR allows remote attackers to read and write arbitrary files
via a crafted parameter, a different vector than CVE-2009-4111
(CVE-2009-4023).

Argument injection vulnerability in Mail/sendmail.php in the Mail
package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows
remote attackers to read and write arbitrary files via a crafted
parameter, and possibly other parameters, a different vulnerability
than CVE-2009-4023 (CVE-2009-4111).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 202b8122c1ec7ef90f0355f99b3c7686  2009.0/x86_64/php-pear-5.2.6-6.1mdv2009.0.noarch.rpm 
 9468e00db376dab4664d665377b79fca  2009.0/SRPMS/php-pear-5.2.6-6.1mdv2009.0.src.rpm

MES5 i586

 6bdc54b90afd9bea13d663c76efe9c3e  mes5/i586/php-pear-5.2.6-6.1mdvmes5.noarch.rpm 
 4bb9c64b927033aa2125a7893f29e943  mes5/SRPMS/php-pear-5.2.6-6.1mdvmes5.src.rpm

2010.0 x86_64

 f7401a8fdd2b526c806532fcb75271e3  2010.0/x86_64/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.noarch.rpm 
 7bb574ae5c1660a3a0cd5a2deff3586f  2010.0/SRPMS/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.src.rpm

2010.0 i586

 6f42b2e519d40d7fa304a3dc451c1c58  2010.0/i586/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.noarch.rpm 
 7bb574ae5c1660a3a0cd5a2deff3586f  2010.0/SRPMS/php-pear-Mail-1.2.0-0.b1.2.1mdv2010.0.src.rpm

2009.1 i586

 2e2ae9f59bc3ac527362b5c0776236fe  2009.1/i586/php-pear-5.2.9-1.1mdv2009.1.noarch.rpm 
 82b814b71169f985b1b977ba60d5bd59  2009.1/SRPMS/php-pear-5.2.9-1.1mdv2009.1.src.rpm

2009.0 i586

 aacca8d19653ea6a82a248f604abbd0b  2009.0/i586/php-pear-5.2.6-6.1mdv2009.0.noarch.rpm 
 9468e00db376dab4664d665377b79fca  2009.0/SRPMS/php-pear-5.2.6-6.1mdv2009.0.src.rpm

CS4.0 i586

 a948abe7ef93f8e60f91d52f5e0aaee4  corporate/4.0/i586/php-pear-5.1.4-3.2.20060mlcs4.noarch.rpm 
 d8fca1fee69801c2b0c3de51fcb8ba8d  corporate/4.0/SRPMS/php-pear-5.1.4-3.2.20060mlcs4.src.rpm

2008.0 x86_64

 bfd61ade59779825fa62126c05f5967a  2008.0/x86_64/php-pear-5.2.4-1.1mdv2008.0.noarch.rpm 
 f77090cf65f4ade44835a112d4fc67e0  2008.0/SRPMS/php-pear-5.2.4-1.1mdv2008.0.src.rpm

CS4.0 x86_64

 3f1684a400312f5912cc80e235c083ec  corporate/4.0/x86_64/php-pear-5.1.4-3.2.20060mlcs4.noarch.rpm 
 d8fca1fee69801c2b0c3de51fcb8ba8d  corporate/4.0/SRPMS/php-pear-5.1.4-3.2.20060mlcs4.src.rpm

2008.0 i586

 943289b9ea09700ecaf5512c50d380d3  2008.0/i586/php-pear-5.2.4-1.1mdv2008.0.noarch.rpm 
 f77090cf65f4ade44835a112d4fc67e0  2008.0/SRPMS/php-pear-5.2.4-1.1mdv2008.0.src.rpm

2009.1 x86_64

 0115517a560174cac95a19cbd17ed745  2009.1/x86_64/php-pear-5.2.9-1.1mdv2009.1.noarch.rpm 
 82b814b71169f985b1b977ba60d5bd59  2009.1/SRPMS/php-pear-5.2.9-1.1mdv2009.1.src.rpm

MES5 x86_64

 419935609521cbfc30b4161e483bdd13  mes5/x86_64/php-pear-5.2.6-6.1mdvmes5.noarch.rpm 
 4bb9c64b927033aa2125a7893f29e943  mes5/SRPMS/php-pear-5.2.6-6.1mdvmes5.src.rpm

References