mailman:2.1 mailman security update
Errata ID: AXSA:2021-1560:01
Mailman is a program used to help manage e-mail discussion lists.
Security Fix(es):
* mailman: XSS via file attachments in list archives (CVE-2020-12137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
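A defender-side check for the condition this CVE depends on, added here as an example (not code from Mailman or from this advisory): it classifies an archive server's reply for a scrubbed attachment by whether a browser could sniff it as text/html. The function names, result labels and sample replies are assumptions, and the signature list is a simplified subset of the WHATWG MIME Sniffing Standard.

```python
import re

# Simplified subset of the HTML signatures browsers look for when sniffing:
# optional leading whitespace, then a known tag followed by ' ' or '>',
# or an HTML comment opener.
_HTML_SIG = re.compile(
    rb"^[\t\n\x0c\r ]*<(?:(?:!doctype html|html|head|script|iframe|h1|div|"
    rb"font|table|a|style|title|b|body|br|p)[ >]|!--)",
    re.IGNORECASE,
)
# Supplied types that are treated the same as a missing Content-Type.
_UNKNOWN_TYPES = {"", "unknown/unknown", "application/unknown", "*/*"}


def looks_like_html(body: bytes) -> bool:
    """True if the first bytes of the body match an HTML signature."""
    return _HTML_SIG.match(body[:512]) is not None


def sniff_risk(headers: dict, body: bytes) -> str:
    """Classify one HTTP reply: 'typed', 'nosniff', 'at-risk' or 'untyped'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in _UNKNOWN_TYPES:
        return "typed"      # server declared a type; no unknown-type sniffing
    if h.get("x-content-type-options", "").lower() == "nosniff":
        return "nosniff"    # untyped, but scriptable types are not sniffed
    if looks_like_html(body):
        return "at-risk"    # untyped reply whose body sniffs as HTML
    return "untyped"        # sniffable, though this body is not HTML-like


if __name__ == "__main__":
    # Constructed sample replies for a scrubbed attachment named attachment.obj
    html = b"<html><body>archived attachment</body></html>"
    samples = [
        ({}, html),
        ({"Content-Type": "application/octet-stream"}, html),
        ({"X-Content-Type-Options": "nosniff"}, html),
        ({}, b"\x00\x01\x02 binary data"),
    ]
    for hdrs, body in samples:
        print(hdrs, "->", sniff_risk(hdrs, body))
```

Replies classified `at-risk` or `untyped` point to a web server configuration that sends no MIME type for `.obj` files, which is worth correcting in addition to installing the updated packages.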
Modularity name: mailman
Stream name: 2.1
Update packages.
N/A
SRPMS
- mailman-2.1.29-10.module+el8+1211+add44275.src.rpm
MD5: 7fbbea5dc935a545a309c2e0df463276
SHA-256: 619137c7941766b7308aab79dcf04594ddb18eec87cc3b179e2c7fa220b96b49
Size: 9.02 MB
Asianux Server 8 for x86_64
- mailman-2.1.29-10.module+el8+1211+add44275.x86_64.rpm
MD5: b6a29de1004128520d8bc536f2253482
SHA-256: 3afddef4785454f30c8259c792bd3e5a0e4e19f7e13a2452c3bc4b0d317eb345
Size: 5.99 MB
- mailman-debugsource-2.1.29-10.module+el8+1211+add44275.x86_64.rpm
MD5: 8284c8bbf9642851e3c9956e8a2e04da
SHA-256: 2a87f4f8c2ed0d551610cdfc2070d53964888f37c5e19b96324f671455412265
Size: 36.81 kB