[SECURITY] [DSA 4285-1] sympa security update

From: Salvatore Bonaccorso <carnil@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4285-1] sympa security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4285-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 05, 2018                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa
CVE ID         : CVE-2018-1000550

Michael Kaczmarczik discovered a vulnerability in the web interface
template editing function of Sympa, a mailing list manager. Owner and
listmasters could use this flaw to create or modify arbitrary files in
the server with privileges of sympa user or owner view list config files
even if edit_list.conf prohibits it.

For the stable distribution (stretch), this problem has been fixed in
version 6.2.16~dfsg-3+deb9u1.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/sympa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAluQLrtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T/ow/+Piml6kbT2V/uwN88inH8NzNnjDQNj0HSVOAUyA0b9XdVfd6PhSDZgVm8
wi45hG9S0B8LduMCPP78sqdsDi/Wstrgr8oaLZyszF0eEFGeMJpyhQ8byacC2BjX
U2VOZuOUVcE1A9IzubpYSDU9A3cZDGEayxQhUGkOG71QIOF1eTWHE4MGu3aT5ck2
3/NjGJgUwsf+a86php6PqzsqibKkKLj3uez4wQSAdM5rlkn8C8rEdgAtLAhScrSs
DKHUtZ0fiKXzt6G4X9uYAfhnVECcGBBtaiyuo76VgYEgMQghrAhVtPIdE8Be867t
4n2Nx8qJE/Fggm8UlDnzc3U/dyY/xLmiJmfn63dI0QvibcsxYB+SbRgO4+WpOD3H
8+iZyAQdX6/msuDkX640ehg8qHH6cVp7b2v2KS3F/yFvFiKr3Lw729TPB5gHheOd
b8MwDXNIC7Oi0lc2gXV5LxzVORxFmakaQmf83KK1ySREa82qC1W7MaSqHz7sDCyd
2Tf3e79d8ekXowWOD1mxUESiHCrE8LCDs7B7SfULOu8OI6CQ/Gq1jJNuUsQwTXkh
ZyHB3HnuEldlCrFXLVsDvozbGYX1gxlIB2+DHlD3RxnCMrZMPD5Ij1NUmQXdJP2P
btnBI0nxBwvS9Pa16FTmbIrS+LctZhHl/GAgJVIsSIVjuInTmaU=
=SpYh
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.