SUSE-SU-2020:14356-1

Опубликовано: 05 мая 2020

Источник: suse-cvrf

Описание

Security update for mailman

This update for mailman fixes the following issues:

Security issue fixed:

CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558).

Non-security issue fixed:

Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

mailman-2.1.15-9.6.20.1

SUSE Linux Enterprise Server 11 SP4-LTSS

mailman-2.1.15-9.6.20.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-202014356-1/
Link for SUSE-SU-2020:14356-1
https://lists.suse.com/pipermail/sle-security-updates/2020-May/006780.html
E-Mail link for SUSE-SU-2020:14356-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1167068
SUSE Bug 1167068
https://bugzilla.suse.com/1170558
SUSE Bug 1170558
https://www.suse.com/security/cve/CVE-2020-12137/
SUSE CVE CVE-2020-12137 page

Описание

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

Затронутые продукты

SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.20.1

SUSE Linux Enterprise Server 11 SP4-LTSS:mailman-2.1.15-9.6.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-12137.html
CVE-2020-12137
https://bugzilla.suse.com/1170558
SUSE Bug 1170558

SUSE-SU-2020:14356-1

Описание

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

SUSE Linux Enterprise Server 11 SP4-LTSS

Ссылки

Уязвимость: CVE-2020-12137

Описание

Затронутые продукты

Ссылки