
Ubuntu 18.04 & 16.04: 4354-1 Moderate: Mailman Content Injection

May 11, 2020

Summary

Mailman could be made to inject arbitrary content in the login page if it received a specially crafted input.

Software Description:

- mailman: Web-based mailing list manager (legacy branch)

Details:

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  mailman                         1:2.1.26-1ubuntu0.2

Ubuntu 16.04 LTS:
  mailman                         1:2.1.20-1ubuntu0.5

In general, a standard system update will make all the necessary changes.
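
To confirm that a host is at or above the fixed version listed above, the following check can be run after updating. It is an added example, not part of the Ubuntu notice; the function names are hypothetical, and it assumes `dpkg` and `/etc/os-release` are present on the host.

```shell
#!/bin/sh
# Added example: audit a host against the fixed mailman versions in USN-4354-1.
# Function names are illustrative; only the version strings come from the advisory.

# Fixed package version for a given Ubuntu release.
fixed_version() {
    case "$1" in
        18.04) echo "1:2.1.26-1ubuntu0.2" ;;
        16.04) echo "1:2.1.20-1ubuntu0.5" ;;
        *) return 1 ;;
    esac
}

# mailman_status RELEASE INSTALLED_VERSION
# Prints one of: patched | vulnerable | not-installed | unknown-release | no-dpkg
mailman_status() {
    release=$1 installed=$2
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    fixed=$(fixed_version "$release") || { echo "unknown-release"; return 0; }
    command -v dpkg >/dev/null 2>&1 || { echo "no-dpkg"; return 0; }
    # dpkg's own comparison handles the epoch ("1:") and the "ubuntu0.N"
    # revision suffix, which a plain string or numeric sort would get wrong.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Read the release and the installed mailman version from the running host.
check_host() {
    release=$( [ -r /etc/os-release ] && . /etc/os-release; echo "${VERSION_ID:-}" )
    installed=$(dpkg-query -W -f='${Version}' mailman 2>/dev/null || true)
    echo "mailman on Ubuntu ${release:-?}: $(mailman_status "$release" "$installed")"
}

check_host
```

A result of `unknown-release` means the host is not one of the two releases this notice covers, so the version table above does not apply to it.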

References

https://ubuntu.com/security/notices/USN-4354-1

CVE-2020-12108
