[USN-4406-1] Mailman vulnerability

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Jun 29 14:50:13 UTC 2020

Ubuntu Security Notice USN-4406-1
June 29, 2020

mailman vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS


Mailman could be made to inject arbitrary content in the login page if it
received a specially crafted input.

Software Description:
- mailman: Web-based mailing list manager (legacy branch)


It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary content
in the login page.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  mailman                         1:2.1.26-1ubuntu0.3

Ubuntu 16.04 LTS:
  mailman                         1:2.1.20-1ubuntu0.6

In general, a standard system update will make all the necessary changes.
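
Added example (not part of the original notice or of Ubuntu's tooling): a Python check that compares an installed mailman version string against the fixed versions listed above, following Debian's version ordering (epoch first, numeric runs compared as integers, '~' sorting lowest). The function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed package versions, copied from the notice above.
FIXED = {
    "18.04": "1:2.1.26-1ubuntu0.3",
    "16.04": "1:2.1.20-1ubuntu0.6",
}

def _order(ch):
    # dpkg character weights: '~' sorts before everything (even end of
    # string), letters sort before all other non-digit characters.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Split into alternating (non-digit, digit) runs; the trailing 0 weight
    # stands for "end of run" so that "1.0~rc1" < "1.0" < "1.0a".
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def deb_key(version):
    """Sort key following Debian's epoch:upstream-revision ordering."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_patched(release, installed):
    """True if `installed` is at or above the fixed version for `release`."""
    return deb_key(installed) >= deb_key(FIXED[release])

if __name__ == "__main__":
    # Constructed sample inventory: (release, installed mailman version).
    for rel, ver in [("18.04", "1:2.1.26-1ubuntu0.3"),
                     ("18.04", "1:2.1.26-1ubuntu0.2"),
                     ("16.04", "1:2.1.20-1ubuntu0.10"),
                     ("18.04", "2.1.29-1")]:
        print(rel, ver, "patched" if is_patched(rel, ver) else "NEEDS UPDATE")
```

On a real host the installed version string can be read with dpkg-query -W -f='${Version}' mailman. The last sample row lacks the "1:" epoch, so it compares as older than the fixed version even though its upstream number is higher.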


Package Information: