drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in MailMan
Name: |
Ausführen beliebiger Kommandos in MailMan |
|
ID: |
DSA-3214-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
Mo, 6. April 2015, 21:56 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2775 |
|
Applikationen: |
MailMan |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3214-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst April 06, 2015 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : mailman CVE ID : CVE-2015-2775 Debian Bug : 781626
A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.
For the stable distribution (wheezy), this problem has been fixed in version 1:2.1.15-1+deb7u1.
For the unstable distribution (sid), this problem has been fixed in version 1:2.1.18-2.
We recommend that you upgrade your mailman packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJVIr3sAAoJEFb2GnlAHawEdfwH/jmuts55on4WN4fPjDRYi0CG wmStOe5GFOu7vX56Xjvwhyx4MB4ALzV9vTM3UBAiwHDt1tRPNGjSW38MMUxVCple VnhzIOeneM93pd7UtzO+n8avUlXN5uyGMPlc4Qy7EC4Ql/1s6/h/b2ZImfSHxpyG FaEQG7U6MDZdiUI9ZtX6rOj9TcxNT3WyRpWqlA5McUGio0y5CV5gc+/zdyhvApo7 wbqMpALrI6XfeZj1ozfD3feRM0wnER5K8rrwRqZkn14l+T7iv/Rp5HiTJWLcOi1W RXsHRGMC3mWTrWzYcHpWJLbMA5Zxr7Z8toiHaiahikVR1Fh6OuYLwGD0QDnhlUY= =9fjr -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/20150406171314.A53FD5A6F2@kinkhorst.com
|
|
|
|