Advisories » MGASA-2015-0085

Updated sympa packages fix CVE-2015-1306

Publication date: 26 Feb 2015
Modification date: 26 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-1306

Description

Updated sympa packages fix security vulnerability:

A vulnerability have been discovered in Sympa web interface that allows access
to files on the server filesystem. This breach allows to send to a list or a
user any file readable by the Sympa user, located on the server filesystem,
using the Sympa web interface newsletter posting area (CVE-2015-1306).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15097
• https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
• https://www.debian.org/security/2015/dsa-3134
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1306

SRPMS

4/core

• sympa-6.1.17-3.3.mga4