Test ID:	1.3.6.1.4.1.25623.1.1.10.2020.0276
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2020-0276)
Summary:	The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2020-0276 advisory.
Description:	Summary: The remote host is missing an update for the 'mailman' package(s) announced via the MGASA-2020-0276 advisory. Vulnerability Insight: Updated mailman package fixes security vulnerability: Up to mailman 2.1.29 when sending a file without a file extension (or an unknown file extension) then the file is stored in the list archive with the file extension .obj. Most web servers will try to assign a mime type based on the file extension and entries in /etc/mime.types, where .obj is usually not specified. This means the web server will send it out without a mime type. The browser will then try to guess the MIME type based on the file's content (MIME-sniffing). If the content is HTML then it will execute any javascript contained, leading to a potential cross-site scripting vulnerability. The mailman package has been updated to version 2.1.30, fixing this bug and other issues. See the release announcement for details. Affected Software/OS: 'mailman' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12108 Debian Security Information: DSA-4991 (Google Search) https://www.debian.org/security/2021/dsa-4991 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/ https://code.launchpad.net/mailman https://mail.python.org/pipermail/mailman-announce/ https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html SuSE Security Announcement: openSUSE-SU-2020:0661 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html SuSE Security Announcement: openSUSE-SU-2020:0764 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html SuSE Security Announcement: openSUSE-SU-2020:1707 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html SuSE Security Announcement: openSUSE-SU-2020:1752 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://usn.ubuntu.com/4354-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12137 Debian Security Information: DSA-4664 (Google Search) https://www.debian.org/security/2020/dsa-4664 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/ http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS https://www.openwall.com/lists/oss-security/2020/02/24/2 https://www.openwall.com/lists/oss-security/2020/02/24/3 https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html http://www.openwall.com/lists/oss-security/2020/04/24/3 https://usn.ubuntu.com/4348-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-15011 https://bugs.launchpad.net/mailman/+bug/1877379 https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html https://usn.ubuntu.com/4406-1/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.