The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body. Vulnerable to this attack are custom auto reply programs or spam filters which use Mail::Mailer directly or indirectly. version 1.51: Tue Oct 29 14:25:28 CET 2002 - Mail::Util::maildomain() if no information about domains is found in sendmail.cf, no error should be reported. [Vaughn Skinner] - Removed the possibility to use 'mailx', which was the default: removal from the detectionn routines and Mail/Mailer/mail.pm. Strongly suggested by [Sebastian Krahmer]
all yours, aliz
The new MailTools has broken my email-server (amavis needs mailtools): They got installed at the wrong place: >>> //usr/lib/5.6.1/ >>> /usr/lib/5.6.1/i686-linux/ >>> //usr/lib/5.6.1/i686-linux/perllocal.pod >>> Regenerating /etc/ld.so.cache... >>> dev-perl/MailTools-1.51 merged. This is really annoying, will that inc bug with perl never stop? Just for other amavis-users: you won't receive any mails because amavis will bounce all mails because it couldn't find the needed perl headers.
I can't tell you how much I hate that perl mess. After I unmerged ExUtils-MakeMake and reemerged perl, the MailTools got installed at the right place.