mailx: Multiple vulnerabilities — GLSA 201804-06

Multiple vulnerabilities were discovered in mailx, the worst of which may allow a remote attacker to execute arbitrary commands.

Affected packages

mail-client/mailx on all architectures
Affected versions < 8.1.2.20160123
Unaffected versions >= 8.1.2.20160123

Background

A utility program for sending and receiving mail, also known as a Mail User Agent program.

Description

Multiple vulnerabilities have been discovered in mailx. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could execute arbitrary commands.

Workaround

There is no known workaround at this time.

Resolution

All mailx users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=mail-client/mailx-8.1.2.20160123"
 

References

Release date
April 08, 2018

Latest revision
April 08, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries