Advisories » MGASA-2019-0263

Updated sympa packages fix security vulnerability

Publication date: 12 Sep 2019
Modification date: 12 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CCVE-2018-1000550

Description

Updated sympa packages fix security vulnerability:

Michael Kaczmarczik discovered a vulnerability in the web interface
template editing function of Sympa, a mailing list manager. Owner and
listmasters could use this flaw to create or modify arbitrary files in
the server with privileges of sympa user or owner view list config files
even if edit_list.conf prohibits it (CVE-2018-1000550).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23536
• https://sympa-community.github.io/security/2018-001.html
• https://www.debian.org/security/2018/dsa-4285
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CCVE-2018-1000550

SRPMS

6/core

• sympa-6.2.16-1.1.mga6