Mehrere Probleme in Mailman
ID: | USN-4348-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 16.04 LTS, Ubuntu 18.04 LTS |
Datum: | Do, 30. April 2020, 07:19 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13796 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12137 |
Applikationen: | MailMan |
Originalnachricht |
|
--===============7561437078905216725== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB" Content-Disposition: inline --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4348-1 April 29, 2020 mailman vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Mailman. Software Description: - mailman: Web-based mailing list manager (legacy branch) Details: It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. (CVE-2018-0618) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796) It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12137) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: mailman 1:2.1.26-1ubuntu0.1 Ubuntu 16.04 LTS: mailman 1:2.1.20-1ubuntu0.4 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4348-1 CVE-2018-0618, CVE-2018-13796, CVE-2020-12137 Package Information: https://launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.1 https://launchpad.net/ubuntu/+source/mailman/1:2.1.20-1ubuntu0.4 --DocE+STaALJfprDB Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl6ppK4ACgkQRbznW4QL H2lHxw//aZafltzA733M+SCjWJRICNy+JuqCDl40aW+GAKgYznqBYUS9TkSY0GLO QFFFO643+r2xOgnh1GeU9ieY8m6Za/DIy0U9H6gRlk3KrXPN829RnX5icxk/isIc K9tANQi0PZdH49T07IGn6XDyazYANyPrVM/6EyaVxdN4dVGgPhLNUGI0n7NDZCmV id6NHpG8cnVlF689I/Suw/cjZwSXG7+IT09lr3AxLmJCZftcF51RHRAvMIsdKnxD YiF2ZZtLBQgt2v0/Zreuvpyk6KCP9QafvGXAgS6LCqrrr5mUqnqmnpZSrEwY+20g XoAZLGMX9szIx6dg2/IQusn1jTK1g71cZyKvAbrbBRhPHzKCqPijJyKhG+3imd4D 0woC/8xGV6UW3XqAAT4Myt9O3KTteKITQArpIGVIDQaIoq84t25Z4N+D44aJZbQZ 6e3sO2a1rFMf8l4xgD++2O7sAg8sjckPgMELkR8qDgeILNznRxQ9PIDTxB370kKN G5ZUPVXLNWMao1srETtvPu+isBXwSbx/P+I6rlCK4leAf9LPK/chBUyIUwVqcPBV 3WVgIKP94nVnPkP7UsALk7uUTmMWCeixLdi/ESY4HmhFQpjaQ6SWmeZiW8+2WTAi 9j3FvlMiV/u3gy0bSmYT8mPjx8ysXj3RjcgbWLzIBXCpworwHxc= =17ph -----END PGP SIGNATURE----- --DocE+STaALJfprDB-- --===============7561437078905216725== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |