SUSE-SU-2018:4296-1 -- SLES mailman
ID: oval:org.secpod.oval:def:89043828 | Date: (C)2021-03-05 (M)2022-09-21
Class: PATCH | Family: unix
This update for mailman fixes the following security vulnerabilities:
- Fixed a XSS vulnerability and information leak in the user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs
- Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim
- Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages
- Fixed an arbitrary text injection vulnerability in several mailman CGIs
- Fixed a CSRF vulnerability on the user options page
Platform:
- SUSE Linux Enterprise Server 12 SP3
- SUSE Linux Enterprise Server 12 SP2
- SUSE Linux Enterprise Server 12 SP4