Synopsis: Moderate: mailx security update Advisory ID: SLSA-2014:1999-1 Issue Date: 2014-12-16 CVE Numbers: CVE-2004-2771 CVE-2014-7844 -- A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844) Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses. -- SL6 x86_64 mailx-12.4-8.el6_6.x86_64.rpm mailx-debuginfo-12.4-8.el6_6.x86_64.rpm i386 mailx-12.4-8.el6_6.i686.rpm mailx-debuginfo-12.4-8.el6_6.i686.rpm SL7 x86_64 mailx-12.5-12.el7_0.x86_64.rpm mailx-debuginfo-12.5-12.el7_0.x86_64.rpm - Scientific Linux Development Team