Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

rubygem-mail: arbitrary command execution

Package(s):

rubygem-mail

CVE #(s):

CVE-2012-2139 CVE-2012-2140

Created:

May 21, 2012

Updated:

May 23, 2012

Description:

From the Red Hat bugzilla:

Two flaws were corrected in rubygem-mail version 2.4.4:

A file system traversal in file_delivery method.

Arbitrary command execution when using exim or sendmail from the commandline.

Alerts:

Fedora	FEDORA-2012-7535	2012-05-19
Fedora	FEDORA-2012-7692	2012-05-19
Fedora	FEDORA-2012-7535	2012-05-19
Fedora	FEDORA-2012-7692	2012-05-19

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds