
[SECURITY] [DLA 869-1] cgiemail security update



Package        : cgiemail
Version        : 1.6-37+deb7u1
CVE ID         : CVE-2017-5613 CVE-2017-5614 CVE-2017-5615 CVE-2017-5616
Debian Bug     : 852031


The cPanel Security Team discovered several security vulnerabilities in
cgiemail, a CGI program used to create HTML forms for sending mails:

CVE-2017-5613

    A format string injection vulnerability allowed arbitrary format
    strings to be supplied to cgiemail and cgiecho. A local attacker with
    permissions to provide a cgiemail template could use this
    vulnerability to execute code as the web server user.
    Format strings in cgiemail templates are now restricted to simple
    %s, %U and %H sequences.

CVE-2017-5614

    An open redirect vulnerability in the cgiemail and cgiecho binaries
    could be exploited by a local attacker to force a redirect to an
    arbitrary URL. These redirects are now limited to the domain that
    handled the request.

CVE-2017-5615

    A vulnerability in cgiemail and cgiecho binaries allowed injection
    of additional HTTP headers. Newline characters are now stripped
    from the redirect location to protect against this.

CVE-2017-5616

    Missing escaping of the addendum parameter led to a reflected
    cross-site scripting (XSS) vulnerability in the cgiemail and cgiecho
    binaries. The output is now HTML-escaped.
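The four fixes described above (restricting template format strings to %s, %U and %H, limiting redirects to the requesting host, stripping newlines from the redirect location, and HTML-escaping reflected output) can be expressed as small input checks. The block below is an added Python example written for this page; it is not cgiemail's own C code. The function names, the `request_host` parameter, and the treatment of a literal `%%` as harmless are assumptions, and all inputs are constructed.

```python
"""Defensive checks mirroring the four cgiemail fixes (added example, not project code)."""
import html
import re
from typing import Optional

from urllib.parse import urlsplit

# Assumption: only the three conversions named in the advisory remain legal,
# plus a literal "%%". Anything else (e.g. %n, %x, width/precision) is rejected.
ALLOWED_FORMAT = re.compile(r"%(?:[sUH]|%)")


def template_format_is_safe(template: str) -> bool:
    """CVE-2017-5613: return True only if every '%' in a template starts one of
    the allowed sequences. A dangling '%' at the end is rejected too."""
    pos = 0
    while True:
        pos = template.find("%", pos)
        if pos == -1:
            return True
        match = ALLOWED_FORMAT.match(template, pos)
        if match is None:
            return False
        pos = match.end()


def strip_header_newlines(value: str) -> str:
    """CVE-2017-5615: remove CR and LF so a value placed in an HTTP header
    cannot terminate that header and inject another one."""
    return value.replace("\r", "").replace("\n", "")


def safe_redirect_location(location: str, request_host: str) -> Optional[str]:
    """CVE-2017-5614: accept a redirect only if it stays on the host that
    handled the request. Returns the cleaned Location value, or None to refuse.

    request_host is the Host header value (hypothetical parameter), e.g.
    "forms.example" or "forms.example:8080"."""
    cleaned = strip_header_newlines(location)
    parts = urlsplit(cleaned)
    # Same-origin relative path; "//host" and "/\\host" are protocol-relative
    # forms some browsers honour, so they are refused as well.
    if parts.scheme == "" and parts.netloc == "":
        if cleaned.startswith("/") and not cleaned.startswith(("//", "/\\")):
            return cleaned
        return None
    # Absolute URL: scheme must be http(s) and the host must match exactly.
    if parts.scheme in ("http", "https") and parts.netloc.lower() == request_host.lower():
        return cleaned
    return None


def escape_addendum(addendum: str) -> str:
    """CVE-2017-5616: HTML-escape user-supplied text before reflecting it into
    the response body; quote=True also escapes '"' and "'" for attribute contexts."""
    return html.escape(addendum, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs exercising each check.
    print(template_format_is_safe("From: %s  Site: %U  Body: %H"))   # True
    print(template_format_is_safe("Counter: %n"))                     # False
    print(safe_redirect_location("https://forms.example/thanks", "forms.example"))
    print(safe_redirect_location("https://other.example/", "forms.example"))  # None
    print(escape_addendum('<script>alert("x")</script>'))
```

Each function is independent, so the same checks can be dropped in front of any CGI handler that builds a Location header or reflects a query parameter, not just cgiemail.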

For Debian 7 "Wheezy", these problems have been fixed in version
1.6-37+deb7u1.

We recommend that you upgrade your cgiemail packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


-- 
Jonas Meurer

