Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:3076-1

Опубликовано: 26 нояб. 2019
Источник: suse-cvrf

Описание

Security update for mailman

This update for mailman fixes the following issues:

  • CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328).

Список пакетов

HPE Helion OpenStack 8
mailman-2.1.17-3.11.1
SUSE Enterprise Storage 5
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP1-LTSS
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP2-BCL
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP2-LTSS
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP3-BCL
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP3-LTSS
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP4
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP5
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
mailman-2.1.17-3.11.1
SUSE OpenStack Cloud 7
mailman-2.1.17-3.11.1
SUSE OpenStack Cloud 8
mailman-2.1.17-3.11.1
SUSE OpenStack Cloud Crowbar 8
mailman-2.1.17-3.11.1

Ссылки

Описание

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.

Затронутые продукты
HPE Helion OpenStack 8:mailman-2.1.17-3.11.1
SUSE Enterprise Storage 5:mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP1-LTSS:mailman-2.1.17-3.11.1
SUSE Linux Enterprise Server 12 SP2-BCL:mailman-2.1.17-3.11.1
Ссылки
Уязвимость SUSE-SU-2019:3076-1