
CVE-2024-28054

Published: 18 March 2024

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.
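A defensive check for the condition described above, as an added example that is not part of the advisory or of the Amavis code: it flags any MIME part whose Content-Type header declares more than one boundary parameter. The function names and sample messages are constructed for illustration, and counting each RFC 2231 spelling (`boundary*`, `boundary*0`) as a separate declaration is an assumption of this check.

```python
import email
import re

# "boundary" plus its RFC 2231 spellings: boundary*, boundary*0, boundary*0*
_BOUNDARY = re.compile(r"boundary(\*\d*\*?)?", re.IGNORECASE)

def split_params(value):
    """Split a header value on ';' without splitting inside quoted strings."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts

def boundary_params(content_type):
    """Return every boundary value declared in one Content-Type header value."""
    found = []
    for segment in split_params(content_type)[1:]:  # [0] is the media type
        name, _, val = segment.partition("=")
        if _BOUNDARY.fullmatch(name.strip()):
            found.append(val.strip().strip('"'))
    return found

def find_ambiguous_parts(raw_message):
    """Return the boundary list of each MIME part that declares more than one."""
    findings = []
    for part in email.message_from_bytes(raw_message).walk():
        for header in part.get_all("Content-Type", []):
            values = boundary_params(str(header))
            if len(values) > 1:  # parsers may disagree on which one applies
                findings.append(values)
    return findings

# Constructed sample messages (not taken from the advisory).
AMBIGUOUS = (b'Content-Type: multipart/mixed; boundary="outer"; boundary="inner"\r\n'
             b"\r\n--outer\r\nContent-Type: text/plain\r\n\r\nhello\r\n--outer--\r\n")
CLEAN = (b'Content-Type: multipart/related; boundary="good"; type="a; boundary=b"\r\n'
         b"\r\n--good\r\nContent-Type: text/plain\r\n\r\nhello\r\n--good--\r\n")
```

`find_ambiguous_parts(AMBIGUOUS)` returns the conflicting values, while `CLEAN` returns an empty list because the second `boundary=` sits inside a quoted string.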

Notes

Author: mdeslaur
Note: The d921bc52 commit allows using ambiguous_content from libmime-tools-perl 5.514 if it is available. That version is only in noble+, but the previous commit will still work.

Priority

Medium

Status

Package: amavisd-new (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Released (1:2.11.0-6.1ubuntu1.1)
jammy      Released (1:2.12.2-1ubuntu1.1)
mantic     Released (1:2.13.0-3ubuntu1.1)
noble      Released (1:2.13.0-3ubuntu2)
trusty     Needs triage
upstream   Released (1:2.13.0-5)
xenial     Needs triage

Patches:
upstream: https://gitlab.com/amavis/amavis/commit/78c4b7076ebf1d711629a95860aae1bc0db5277a
upstream: https://gitlab.com/amavis/amavis/commit/d921bc5208ce5b4e8f3e387a1d4e1f8fa4e85008
upstream: https://gitlab.com/amavis/amavis/commit/c6c4a4c27c60194b68b617b7d3cfb033d6c587e2