drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in mailman
Name: |
Ausführen beliebiger Kommandos in mailman |
|
ID: |
DSA-4246-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
So, 15. Juli 2018, 23:16 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0618 |
|
Applikationen: |
MailMan |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4246-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 15, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : mailman CVE ID : CVE-2018-0618
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.
For the stable distribution (stretch), this problem has been fixed in version 1:2.1.23-1+deb9u3.
We recommend that you upgrade your mailman packages.
For the detailed security status of mailman please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mailman
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltLmNBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R/QQ/9HUE6xVbVmD2gccUeli5423s5IzalCDLYCPB+mTQRzXLpIVkwzL2E4mlk QaQT1WEd+RFoPdXmAKKBnl0QPiYp7oooCEmXKQYAOfo/Lpr2Habo3j1B0JhSR5Kg WDEzGc2vpcL4fcoP8CBejlQvqsghvnPOekqMfn4oB3gSRX4Xh5HpcDP9EtnfVGeQ wHkN554lRJJ0egUpTyqvylc95pYbs1Cu1tyIEzZfvG6kLTyGZuHW0KNjEBlYMitL EgXy0D0q5TAWhHP37l3j5bEXz9Fs7ie/Q2cVqYbtXpJPFEEre+giwUC8jU5cR37e eiuOsRP7AyV5zbbpD+vu4I626WomGi5a3H8aEqEnGpFZVoI1EhWKF69lgY9mG71J rrtQ+BWE+cRlgfsmCS2fbcEoXblJvdJfTAaBNrvOAY6YZG5vn4GSv8dM/4ToNW3Q tw1eFv/9tytVMnIQKjEa1IgGZmsoAIhAOolWG1n4bA4v48OgWtzpgrVITkG18mfy 4vqc9sSMomIuvyY8NcO6gHccBnH9lrhahkGLhn56hvSghOEubHIOOPI0kz3qU/43 2N45F8u5vyKKmlis4mE7+ddH/LzHr/bPxbwQm2PrhlXAxHCHfJ463wdcF7NPS0BP h6VGbH1VPTeYL2WajDvM52r0lk2798Lbn1jvXZRSSVFqBeW3W+4= =hO38 -----END PGP SIGNATURE-----
|
|
|
|