Oval Definition: oval:org.opensuse.security:def:63657
Revision Date: 2020-12-01
Version: 1
Title: Security update for mailman (Important)
Description:

This update for mailman fixes the following security vulnerabilities:

* Fixed an XSS vulnerability and information leak in the user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950)
* Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775)
* Fixed an XSS vulnerability which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618)
* Fixed an arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288)
* Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352)

Family: unix
Class: patch
Status:
Reference(s):
1024718
1046299
1050242
1050244
1051510
1055121
1055186
1058115
1060463
1065729
1077358
1078248
1079935
1082387
1083647
1086282
1086283
1086423
1087084
1087200
1087978
1088386
1090888
1091405
1094244
1097593
1099510
1101288
1102875
1102877
1102879
1102882
1102896
1103257
1104353
1104427
1104967
1105168
1106105
1106110
1106615
1106913
1108270
1109272
1109465
1110558
1111188
1111469
1111696
1111795
1112128
1113722
1114648
1114871
1116040
1116336
1116803
1116841
1117115
1117162
1117165
1117186
1117473
1117561
1117656
1117953
1118215
1118319
1118428
1118484
1118505
1118752
1118760
1118761
1118762
1118766
1118767
1118768
1118769
1118771
1118772
1118773
1118774
1118775
1118787
1118788
1118798
1118809
1118962
1119017
1119086
1119212
1119322
1119410
1119714
1119749
1119804
1119946
1119962
1119968
1120036
1120046
1120053
1120054
1120055
1120058
1120088
1120092
1120094
1120096
1120097
1120173
1120214
1120223
1120228
1120230
1120232
1120234
1120235
1120238
1120594
1120598
1120600
1120601
1120602
1120603
1120604
1120606
1120612
1120613
1120614
1120615
1120616
1120617
1120618
1120620
1120621
1120632
1120633
1120743
1120954
1121017
1121058
1121263
1121273
1121477
1121483
1121599
1121621
1121714
1121715
1121973
1123482
1124525
1132728
1132729
1132732
1132734
1133035
1133810
1134718
1140868
1144504
1145665
1149323
1149458
1151839
1152692
1155327
1158095
1166881
1168345
1173027
1173376
1173377
1173378
1173380
1174711
1178512
925502
995352
CVE-2015-2775
CVE-2016-6893
CVE-2018-0618
CVE-2018-12232
CVE-2018-13796
CVE-2018-14625
CVE-2018-16862
CVE-2018-16884
CVE-2018-18397
CVE-2018-19407
CVE-2018-19854
CVE-2018-19985
CVE-2018-20169
CVE-2018-5950
CVE-2018-9568
CVE-2019-10245
CVE-2019-11709
CVE-2019-11710
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11714
CVE-2019-11715
CVE-2019-11716
CVE-2019-11717
CVE-2019-11718
CVE-2019-11719
CVE-2019-11720
CVE-2019-11721
CVE-2019-11723
CVE-2019-11724
CVE-2019-11725
CVE-2019-11727
CVE-2019-11728
CVE-2019-11729
CVE-2019-11730
CVE-2019-11733
CVE-2019-11735
CVE-2019-11736
CVE-2019-11738
CVE-2019-11740
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11747
CVE-2019-11748
CVE-2019-11749
CVE-2019-11750
CVE-2019-11751
CVE-2019-11752
CVE-2019-11753
CVE-2019-12625
CVE-2019-12900
CVE-2019-14889
CVE-2019-2602
CVE-2019-2684
CVE-2019-2697
CVE-2019-2698
CVE-2019-3902
CVE-2019-9811
CVE-2019-9812
CVE-2020-11501
CVE-2020-15563
CVE-2020-15565
CVE-2020-15566
CVE-2020-15567
CVE-2020-16118
CVE-2020-28196
CVE-2020-8177
openSUSE-SU-2020:0501-1
openSUSE-SU-2020:0880-1
openSUSE-SU-2020:0908-1
openSUSE-SU-2020:1207-1
SUSE-SU-2018:4296-1
SUSE-SU-2019:1345-1
SUSE-SU-2019:2620-1
SUSE-SU-2019:3066-1
SUSE-SU-2020:0139-1
SUSE-SU-2020:3379-1
Platform(s):
openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
      • balsa-2.5.5-lp151.3.3 is installed
      • OR balsa-lang-2.5.5-lp151.3.3 is installed
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
      • mercurial-4.5.2-lp152.7.3 is installed
      • OR mercurial-lang-4.5.2-lp152.7.3 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND mailman-2.1.17-3.3 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND Package Information
      • xen-4.11.4_04-2.30 is installed
      • OR xen-doc-html-4.11.4_04-2.30 is installed
      • OR xen-libs-4.11.4_04-2.30 is installed
      • OR xen-libs-32bit-4.11.4_04-2.30 is installed
      • OR xen-tools-4.11.4_04-2.30 is installed
      • OR xen-tools-domU-4.11.4_04-2.30 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
      • krb5-1.12.5-40.40 is installed
      • OR krb5-32bit-1.12.5-40.40 is installed
      • OR krb5-client-1.12.5-40.40 is installed
      • OR krb5-doc-1.12.5-40.40 is installed
      • OR krb5-plugin-kdb-ldap-1.12.5-40.40 is installed
      • OR krb5-plugin-preauth-otp-1.12.5-40.40 is installed
      • OR krb5-plugin-preauth-pkinit-1.12.5-40.40 is installed
      • OR krb5-server-1.12.5-40.40 is installed