[USN-4442-1] Sympa vulnerabilities
eduardo.barretto at canonical.com
Tue Jul 28 19:54:14 UTC 2020
Ubuntu Security Notice USN-4442-1
July 28, 2020
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Several security issues were fixed in Sympa.
- sympa: Modern mailing list manager
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks.
(CVE-2018-1000671)
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
The problem can be corrected by updating your system to the following
Ubuntu 14.04 ESM:
In general, a standard system update will make all the necessary changes.
CVE-2018-1000550, CVE-2018-1000671, CVE-2020-10936