Debian Security Advisory 4818-1

Debian Security Advisory 4818-1: Posted Dec 28, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4818-1 - Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API.; tags | advisory, denial of service, local, vulnerability; systems | linux, debian; advisories | CVE-2020-10936, CVE-2020-26932, CVE-2020-29668, CVE-2020-9369; SHA-256 | b5e2af845768d3755cb9be263eef29650e1f5a4b75aef651239c12da54242c22; Download | Favorite | View

Debian Security Advisory 4818-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4818-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 23, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa
CVE ID         : CVE-2020-9369 CVE-2020-10936 CVE-2020-26932 CVE-2020-29668
Debian Bug     : 952428 961491 971904 976020

Several vulnerabilities were discovered in Sympa, a mailing list
manager, which could result in local privilege escalation, denial of
service or unauthorized access via the SOAP API.

Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is
no longer installed setuid root by default. A new Debconf question is
introduced to allow setuid installations in setups where it is needed.

For the stable distribution (buster), these problems have been fixed in
version 6.2.40~dfsg-1+deb10u1.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/sympa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/juo1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QhJxAAk4vQbKnLmvlEUxK8dc7dnIoQuBxvnjVFl+IJaVm2V6UmSk+taIBeG9hp
F8lsZ3xR9Q1Em59BL1/orFdgi45k1B+8FDBm+Ha5o9Lj/vuwihcEwidtDLZmL24D
fE8kV/kTg2qe2w0XGc8yGy4cph/r0oC7W6yThOD1ucnjwAWpxQZYPaa2uNFeXPTH
6RR4jb5NyBGXkGdEDqzWFtB+XDX0kQSgmm6fXDJSJ2qMpUuOqCBURdjx84SSqOaW
d+JWOi1ScYbp0fS1z22ebOjLVpRQahPSfUBq7vjdgLZ2+WmIWTU2H9dDd0fzSLvJ
60Skjx6Hdvl4X3jZx8zu/L3cMWkgIhvUDFMiEK6QswoWbKtv86SaEsJbb1wxeTXm
ZynY4KSMfOSoVc2gRrjzJthHQssOKoj9Vlqxypho/UeIE+ftznd9xzb0Fjo338Td
8SRGw7bVpU0HiB+HQCUzHw38zimWpNKATh9TYTiAqivRHq4jqGnIDuBNKl0trmzt
6XOP88UnBz8808EhfDw9mv0JJzuk2fAzasA4CveXXZXW8FaT93VjYek6pBW/iwHl
PuRArbtMU+vDMTrjTV2b/8BcSFwsoc8vPV1m40YTbMk7pUD2gfDc7qOEbJIfJP45
XGsvkFgQTXtnBRtRqC2JD2suyuAVQVZi1W0EjSHCiFHsdrQe/k8=
=gYWg
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 4818-1

Debian Security Advisory 4818-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4818-1

Share This

Debian Security Advisory 4818-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems