Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 14.04 ESM: USN-4442-1 Moderate: Sympa Security Issues

ubuntu
Calendar Grey July 28, 2020
Dist Ubuntu Esm H88
Ubuntu Security Alert USN-4443-1 targets vulnerabilities in ClamAV impacting Ubuntu 16.04, safeguarding your system's integrity.
Several security issues were fixed in Sympa.

Summary

Several security issues were fixed in Sympa.

Software Description:

- sympa: Modern mailing list manager

Details:

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP

GET/POST requests. An attacker could possibly use this issue to insert,

edit or obtain sensitive information. (CVE-2018-1000550)

It was discovered that Sympa incorrectly handled URL parameters. An

attacker could possibly use this issue to perform XSS attacks.

(CVE-2018-1000671)

Nicolas Chatelain discovered that Sympa incorrectly handled environment

variables. An attacker could possibly use this issue with a setuid

binary and gain root privileges. (CVE-2020-10936)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  sympa                           6.1.17~dfsg-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4442-1

CVE-2018-1000550, CVE-2018-1000671, CVE-2020-10936

July 28, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here