Fedora 37 : php-phpmailer6 (2023-f2be748f28)

high Nessus Plugin ID 181011

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f2be748f28 advisory.

Minor security note:

* The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.

Changes:

* Don't reflect malformed DSNs in error messages to avert any risk of XSS
* Improve Simplified Chinese, Sinhalese, and Norwegian translations
* Don't use setAccessible in PHP >= 8.1 in tests
* Avoid a deprecation notice in PHP 8.3
* Fix link in readme

(FEDORA-2023-f2be748f28)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected php-phpmailer6 package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-f2be748f28

Plugin Details

Severity: High

ID: 181011

File Name: fedora_2023-f2be748f28.nasl

Version: 1.0

Type: local

Agent: unix

Published: 9/7/2023

Updated: 9/7/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:37, p-cpe:/a:fedoraproject:fedora:php-phpmailer6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/29/2023

Vulnerability Publication Date: 8/29/2023

Reference Information