--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-62f2df3ca4
2020-07-22 01:19:44.413051
--------------------------------------------------------------------------------

Name        : mailman
Product     : Fedora 31
Version     : 2.1.34
Release     : 1.fc31
URL         : https://www.list.org/
Summary     : Mailing list manager with built in Web access
Description :
Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
news gateways, and so on.

Documentation can be found in: /usr/share/doc/mailman

When the package has finished installing, you will need to perform some
additional installation steps, these are described in:
/usr/share/doc/mailman/INSTALL.REDHAT

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2020-12108
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 3 2020 Pavel Zhukov - 3:2.1.34-1
- new version v2.1.34
* Mon May 11 2020 Pavel Zhukov - 3:2.1.33-1
- new version v2.1.33
* Wed May 6 2020 Pavel Zhukov - 3:2.1.32-2
- Change mode of /etc/mailman to 2755 (#1656765)
* Wed May 6 2020 Pavel Zhukov - 3:2.1.32-1
- New version v2.1.32
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1848856 - CVE-2020-12108 mailman: /options/mailman allows Arbitrary Content Injection
        https://bugzilla.redhat.com/show_bug.cgi?id=1848856
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-62f2df3ca4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

=========================================================================
Ubuntu Security Notice USN-4406-1
June 29, 2020

mailman vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Mailman could be made to inject arbitrary content in the login page if
it received a specially crafted input.

Software Description:
- mailman: Web-based mailing list manager (legacy branch)

Details:

It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary content
in the login page.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  mailman 1:2.1.26-1ubuntu0.3

Ubuntu 16.04 LTS:
  mailman 1:2.1.20-1ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4406-1
  CVE-2020-15011

Package Information:
  https://launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/mailman/1:2.1.20-1ubuntu0.6

Severity: Critical
LinuxSecurity.com Team

MGASA-2018-0383 - Updated mailman packages fix security vulnerability

Publication date: 21 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0383.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-13796

Updated mailman package fixes security vulnerability:

It was discovered that mailman prior to 2.1.29 mishandled URLs in
Utils.py:GetPathPieces() which allowed attackers to display arbitrary
text on trusted sites (CVE-2018-13796).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23409
- https://lists.fedoraproject.org/archives/list/