First published: Mon Mar 18 2024(Updated: )
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/amavisd-new | <1:2.11.0-6.1ubuntu1.1 | 1:2.11.0-6.1ubuntu1.1 |
ubuntu/amavisd-new | <1:2.12.2-1ubuntu1.1 | 1:2.12.2-1ubuntu1.1 |
ubuntu/amavisd-new | <1:2.13.0-3ubuntu1.1 | 1:2.13.0-3ubuntu1.1 |
ubuntu/amavisd-new | <1:2.13.0-3ubuntu2 | 1:2.13.0-3ubuntu2 |
ubuntu/amavisd-new | <1:2.13.0-5 | 1:2.13.0-5 |
debian/amavisd-new | <=1:2.11.0-6.1<=1:2.11.1-5<=1:2.13.0-3 | 1:2.13.0-6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.