mailman-2.1.15-30.el7

Errata ID: AXSA:2020-4558:01

Release date: 
Thursday, April 2, 2020 - 07:46
Subject: 
mailman-2.1.15-30.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages (CVE-2018-0618)

* mailman: Mishandled URLs in Utils.py:GetPathPieces() allow attackers to display arbitrary text on trusted sites (CVE-2018-13796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mailman-2.1.15-30.el7.src.rpm
    MD5: 0dd65f23bb29e421808b0437d628d1f0
    SHA-256: 7b4280efc60f3895338c40c6c8d722ce411658bb377672772954edaa33018152
    Size: 8.18 MB

Asianux Server 7 for x86_64
  1. mailman-2.1.15-30.el7.x86_64.rpm
    MD5: 2ae3c475d589fd569f3873a5eb38ef07
    SHA-256: e83a6b1f731c98c5e8fc5622315f16f4c142f1b1149129d5fc2a86d68cbc77f7
    Size: 5.41 MB