Debian Security Advisory 4285-1

Debian Security Advisory 4285-1: Posted Sep 6, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4285-1 - Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list.conf prohibits it.; tags | advisory, web, arbitrary; systems | linux, debian; advisories | CVE-2018-1000550; SHA-256 | 5c2ba7cbb9fcd992151e2ae9f06b6209136ab9b39e986818b4270b3422c42f07; Download | Favorite | View

Debian Security Advisory 4285-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4285-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 05, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa
CVE ID         : CVE-2018-1000550

Michael Kaczmarczik discovered a vulnerability in the web interface
template editing function of Sympa, a mailing list manager. Owner and
listmasters could use this flaw to create or modify arbitrary files in
the server with privileges of sympa user or owner view list config files
even if edit_list.conf prohibits it.

For the stable distribution (stretch), this problem has been fixed in
version 6.2.16~dfsg-3+deb9u1.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/sympa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAluQLrtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T/ow/+Piml6kbT2V/uwN88inH8NzNnjDQNj0HSVOAUyA0b9XdVfd6PhSDZgVm8
wi45hG9S0B8LduMCPP78sqdsDi/Wstrgr8oaLZyszF0eEFGeMJpyhQ8byacC2BjX
U2VOZuOUVcE1A9IzubpYSDU9A3cZDGEayxQhUGkOG71QIOF1eTWHE4MGu3aT5ck2
3/NjGJgUwsf+a86php6PqzsqibKkKLj3uez4wQSAdM5rlkn8C8rEdgAtLAhScrSs
DKHUtZ0fiKXzt6G4X9uYAfhnVECcGBBtaiyuo76VgYEgMQghrAhVtPIdE8Be867t
4n2Nx8qJE/Fggm8UlDnzc3U/dyY/xLmiJmfn63dI0QvibcsxYB+SbRgO4+WpOD3H
8+iZyAQdX6/msuDkX640ehg8qHH6cVp7b2v2KS3F/yFvFiKr3Lw729TPB5gHheOd
b8MwDXNIC7Oi0lc2gXV5LxzVORxFmakaQmf83KK1ySREa82qC1W7MaSqHz7sDCyd
2Tf3e79d8ekXowWOD1mxUESiHCrE8LCDs7B7SfULOu8OI6CQ/Gq1jJNuUsQwTXkh
ZyHB3HnuEldlCrFXLVsDvozbGYX1gxlIB2+DHlD3RxnCMrZMPD5Ij1NUmQXdJP2P
btnBI0nxBwvS9Pa16FTmbIrS+LctZhHl/GAgJVIsSIVjuInTmaU=SpYh
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 175 files
Ubuntu 51 files
Debian 24 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 4285-1

Debian Security Advisory 4285-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4285-1

Share This

Debian Security Advisory 4285-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems