Fedora Core 11 FEDORA-2009-12348 (php-pear-Mail)

Summary
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12348.
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update php-pear-Mail' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12348
Insight
Update Information: Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially-crafted headers to local user, leading to disclosure of content and potentially, to modification of arbitrary system file, once the email message was processed by the PEAR's Mail class. ChangeLog: * Fri Nov 27 2009 Remi Collet 1.1.14-5 - Fix CVE-2009-4023 (#540842) - rename Mail.xml to php-pear-Mail.xml * Sun Jul 26 2009 Fedora Release Engineering - 1.1.14-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
References