Recommended update for mailx SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2015:0876-1 Final 1 1 2013-12-10T16:46:46Z current 2013-12-10T16:46:46Z 2013-12-10T16:46:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for mailx This update for mailx enables IPv6 support and includes the following fixes: * Crop off the brackets of an ipv6 address if found. (bnc#853246) * Enable mailx to parse IPv6 addresses including a port ([ipv6]:port). (bnc#853246) * Do not pseudo detect Latin nor UTF-8 in binary attachments. (bnc#827010) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sledsp3-mailx,slessp3-mailx Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement//suse-ru-20150876-1/ Link for SUSE-RU-2015:0876-1 https://lists.suse.com/pipermail/sle-updates/2015-May/002978.html E-Mail link for SUSE-RU-2015:0876-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/827010 SUSE Bug 827010 https://bugzilla.suse.com/853246 SUSE Bug 853246 https://bugzilla.suse.com/909208 SUSE Bug 909208 https://bugzilla.suse.com/922543 SUSE Bug 922543 https://www.suse.com/security/cve/CVE-2004-2771/ SUSE CVE CVE-2004-2771 page https://www.suse.com/security/cve/CVE-2014-7844/ SUSE CVE CVE-2014-7844 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 mailx-12.5-1.5.1 mailx-12.5-1.5.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 mailx-12.5-1.5.1 as a component of SUSE Linux Enterprise Server 11 SP3 mailx-12.5-1.5.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA mailx-12.5-1.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. CVE-2004-2771 SUSE Linux Enterprise Desktop 11 SP3:mailx-12.5-1.5.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:mailx-12.5-1.5.1 SUSE Linux Enterprise Server 11 SP3:mailx-12.5-1.5.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:mailx-12.5-1.5.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20150876-1/ https://www.suse.com/security/cve/CVE-2004-2771.html CVE-2004-2771 https://bugzilla.suse.com/909208 SUSE Bug 909208 BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. CVE-2014-7844 SUSE Linux Enterprise Desktop 11 SP3:mailx-12.5-1.5.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:mailx-12.5-1.5.1 SUSE Linux Enterprise Server 11 SP3:mailx-12.5-1.5.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:mailx-12.5-1.5.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20150876-1/ https://www.suse.com/security/cve/CVE-2014-7844.html CVE-2014-7844 https://bugzilla.suse.com/909208 SUSE Bug 909208