Univention Bugzilla – Bug 37373
heirloom-mailx: Multiple issues (4.0)
Last modified: 2015-02-11 10:58:55 CET
An undocumented feature in mailx (the implementation of the mail command) allows the execution of arbitrary commands if the email address is obtained from a remote source (CVE-2014-7844, CVE-2004-2771). heirloom-mailx is not the default mail(1) command in UCS; a separate bug exists for bsd-mailx.
This was fixed during the import of the Wheezy 7.8 point update in Bug 37511.
UCS 4.0-1 has been released:
http://docs.univention.de/release-notes-4.0-1-en.html
http://docs.univention.de/release-notes-4.0-1-de.html

If this error occurs again, please use "Clone This Bug".