SUSE-SU-2019:13924-1

Published: 04 Jan 2019
Source: suse-cvrf

Description

Security update for mailman

This update for mailman fixes the following issues:

  • Fixed an XSS vulnerability and information leak in the user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950)
  • Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775)
  • Fixed an XSS vulnerability that allowed malicious list owners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618)
  • Fixed an arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288)
  • Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-LTSS
mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP4
mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
mailman-2.1.15-9.6.6.1

Description (CVE-2015-2775)

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
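The defect described above is the classic path-traversal pattern: a list name taken from the request is joined onto a filesystem base directory, and a name containing `..` components walks out of it. The following is an added example (not Mailman's own code; `naive_list_path`, `is_valid_list_name`, `safe_list_path` and the base directory `/srv/example-mailman/lists` are all hypothetical) showing the unsafe join beside a hardened version that combines a syntactic allow-list on the name with a containment check on the resolved path.

```python
import os
import re
from pathlib import Path
from typing import Dict, Iterable

# Constructed base directory for the example; it need not exist on disk.
BASE_DIR = "/srv/example-mailman/lists"

# Conservative allow-list for list names (an assumption for this example, not
# Mailman's own rule): must start with a lowercase letter or digit, then only
# lowercase letters, digits, dot, underscore or hyphen. No path separators,
# no whitespace, and ".." cannot match because it does not start with [a-z0-9].
LIST_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")


def naive_list_path(base_dir: str, name: str) -> str:
    """The vulnerable pattern: trust the name and join it onto the base.

    normpath() collapses the '..' components, so a crafted name yields a
    path outside base_dir.
    """
    return os.path.normpath(os.path.join(base_dir, name))


def is_valid_list_name(name: str) -> bool:
    """Syntactic check: True only if `name` matches the allow-list pattern."""
    return LIST_NAME_RE.fullmatch(name) is not None


def safe_list_path(base_dir: str, name: str) -> Path:
    """Resolve the on-disk path for list `name`, confined to `base_dir`.

    Two independent defences: the allow-list on the name, and a containment
    check on the fully resolved path, so that a symlink under base_dir or a
    future loosening of the regex still cannot let the path escape.
    """
    if not is_valid_list_name(name):
        raise ValueError(f"invalid list name: {name!r}")
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()
    if candidate.parent != base:
        raise ValueError(f"list path escapes base directory: {name!r}")
    return candidate


def screen_list_names(names: Iterable[str]) -> Dict[str, bool]:
    """Map each candidate name to whether the hardened resolver accepts it."""
    result = {}
    for name in names:
        try:
            safe_list_path(BASE_DIR, name)
            result[name] = True
        except ValueError:
            result[name] = False
    return result


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and three traversal attempts.
    samples = ["announce", "../../../etc/passwd", "a/../b", ".."]
    print("naive join of a traversal name ->",
          naive_list_path(BASE_DIR, "../../../etc/passwd"))
    for name, ok in screen_list_names(samples).items():
        print(f"{name!r:24} accepted={ok}")
```

The containment check compares `candidate.parent` to the resolved base rather than testing a string prefix, which avoids the common mistake of accepting `/srv/example-mailman/lists-other/x` as "inside" `/srv/example-mailman/lists`.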


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.6.1

References

Description (CVE-2016-6893)

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
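A CSRF weakness on an options form means a state-changing request is honoured on the strength of the victim's cookie alone, so a page the victim merely visits can submit it for them. The standard mitigation is a per-form token that the attacker cannot forge. The following is an added example (not Mailman's own code; `make_csrf_token`, `verify_csrf_token`, `handle_options_post` and the secret are all constructed for this illustration) of an HMAC token bound to the authenticated user and the list, with an expiry, checked before any option change is applied.

```python
import hashlib
import hmac
import time
from typing import Dict, Optional

# Constructed server-side secret for the example; a real deployment would
# load a high-entropy value from configuration, never hard-code it.
SECRET = b"constructed-example-secret-do-not-reuse"


def make_csrf_token(secret: bytes, user: str, listname: str,
                    now: Optional[int] = None) -> str:
    """Issue a token bound to (list, user, timestamp): '<ts>:<hex hmac>'."""
    ts = int(time.time() if now is None else now)
    msg = f"{listname}:{user}:{ts}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def verify_csrf_token(secret: bytes, token: str, user: str, listname: str,
                      now: Optional[int] = None, max_age: int = 3600) -> bool:
    """Accept the token only if it is well-formed, fresh, and its MAC matches
    the binding for this user and list. Uses a constant-time comparison."""
    try:
        ts_str, mac = token.split(":", 1)
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return False
    current = int(time.time() if now is None else now)
    if ts > current or current - ts > max_age:
        return False
    expected = hmac.new(secret, f"{listname}:{user}:{ts}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def handle_options_post(form: Dict[str, str], session_user: str, secret: bytes,
                        now: Optional[int] = None) -> str:
    """Gate an options change on the CSRF token.

    `session_user` is the identity established by the login cookie; the token
    is verified against that identity, not against anything in the form body,
    so a cross-site submission carrying another user's token is rejected.
    """
    listname = form.get("list", "")
    token = form.get("csrf_token")
    if not token:
        return "rejected: missing csrf token"
    if not verify_csrf_token(secret, token, session_user, listname, now=now):
        return "rejected: bad csrf token"
    # Only now is it safe to act on the submitted option changes.
    changed = sorted(k for k in form if k not in ("list", "csrf_token"))
    return "applied: " + ",".join(changed)


if __name__ == "__main__":
    # Constructed scenario: the server renders the form for alice with a
    # fresh token, and later receives a legitimate post and a forged one.
    issued_at = 1_000_000
    tok = make_csrf_token(SECRET, "alice@example.com", "announce", now=issued_at)
    good = {"list": "announce", "csrf_token": tok, "digest": "on"}
    forged = {"list": "announce", "digest": "on"}  # cross-site post, no token
    print(handle_options_post(good, "alice@example.com", SECRET, now=issued_at + 60))
    print(handle_options_post(forged, "alice@example.com", SECRET, now=issued_at + 60))
```

Binding the token to the session identity is what defeats the attack in the description: a request that carries the victim's cookie but was composed on another site cannot include a token the attacker never saw, and a token the attacker obtained for their own account does not verify for the victim.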


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.6.1

References

Description (CVE-2018-0618)

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.6.1

References

Description (CVE-2018-13796)

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.6.1

References

Description (CVE-2018-5950)

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:mailman-2.1.15-9.6.6.1
SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.6.1

References