Revision Date: | 2018-12-28 | Version: | 1 |
Title: | Security update for mailman (Important) |
Description: |
This update for mailman fixes the following security vulnerabilities:
* Fixed an XSS vulnerability and information leak in the user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950)
* Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775)
* Fixed an XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618)
* Fixed an arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288)
* Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1077358 1099510 1101288 925502 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 SUSE-SU-2018:4296-1
|
Platform(s): | SUSE Linux Enterprise Server 12 SP2-LTSS
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND mailman-2.1.17-3.3.3 is installed
|