Fedora 39 : php-phpmailer6 (2023-f9877b5292)

high Nessus Plugin ID 185194

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f9877b5292 advisory.

- Minor security note: The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.

Changes:

* Don't reflect malformed DSNs in error messages to avert any risk of XSS
* Improve Simplified Chinese, Sinhalese, and Norwegian translations
* Don't use setAccessible in PHP >= 8.1 in tests
* Avoid a deprecation notice in PHP 8.3
* Fix link in readme

(FEDORA-2023-f9877b5292)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected php-phpmailer6 package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-f9877b5292

Plugin Details

Severity: High

ID: 185194

File Name: fedora_2023-f9877b5292.nasl

Version: 1.0

Type: local

Agent: unix

Published: 11/7/2023

Updated: 11/7/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:39, p-cpe:/a:fedoraproject:fedora:php-phpmailer6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/29/2023

Vulnerability Publication Date: 8/29/2023

Reference Information