Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0276
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0276)
Zusammenfassung:	The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2020-0276 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2020-0276 advisory. Vulnerability Insight: Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension (or an unknown file extension) then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type based on the file extension and entries in /etc/mime.types, where .obj is usually not specified. This means the web server will send it out without a mime type. The browser will then try to guess the MIME type based on the file's content (MIME-sniffing). If the content is HTML then it will execute any javascript contained, leading to a potential cross-site scripting vulnerability. The mailman package has been updated to version 2.1.30, fixing this bug and other issues. See the release announcement for details. Affected Software/OS: 'mailman' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12108 Debian Security Information: DSA-4991 (Google Search) https://www.debian.org/security/2021/dsa-4991 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/ https://code.launchpad.net/mailman https://mail.python.org/pipermail/mailman-announce/ https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html SuSE Security Announcement: openSUSE-SU-2020:0661 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html SuSE Security Announcement: openSUSE-SU-2020:0764 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html SuSE Security Announcement: openSUSE-SU-2020:1707 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html SuSE Security Announcement: openSUSE-SU-2020:1752 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://usn.ubuntu.com/4354-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12137 Debian Security Information: DSA-4664 (Google Search) https://www.debian.org/security/2020/dsa-4664 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/ http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS https://www.openwall.com/lists/oss-security/2020/02/24/2 https://www.openwall.com/lists/oss-security/2020/02/24/3 https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html http://www.openwall.com/lists/oss-security/2020/04/24/3 https://usn.ubuntu.com/4348-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-15011 https://bugs.launchpad.net/mailman/+bug/1877379 https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html https://usn.ubuntu.com/4406-1/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.