DSA-4818-1 sympa -- sympaID: oval:org.secpod.oval:def:605361 | Date: (C)2020-12-28 (M)2023-11-13 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API. Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is no longer installed setuid root by default. A new Debconf question is introduced to allow setuid installations in setups where it is needed.