Updated sympa packages fix security vulnerability
Publication date: 12 Sep 2019Modification date: 12 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CCVE-2018-1000550
Description
Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list.conf prohibits it (CVE-2018-1000550).
References
SRPMS
6/core
- sympa-6.2.16-1.1.mga6