Описание
Security update for mailman
This update for mailman fixes the following issues:
- CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
mailman-2.1.15-9.6.15.1
SUSE Linux Enterprise Server 11 SP4-LTSS
mailman-2.1.15-9.6.15.1
Ссылки
- Link for SUSE-SU-2019:14230-1
- E-Mail link for SUSE-SU-2019:14230-1
- SUSE Security Ratings
- SUSE Bug 1154328
- SUSE CVE CVE-2019-3693 page
Описание
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.15.1
SUSE Linux Enterprise Server 11 SP4-LTSS:mailman-2.1.15-9.6.15.1
Ссылки
- CVE-2019-3693
- SUSE Bug 1154328