SUSE-SU-2020:1301-1

Details

This update for mailman fixes the following issues:

Security issue fixed:

CVE-2020-12108: Fixed a content injection bug (bsc#1171363).
CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558).

Non-security issue fixed:

Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068).
Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920).

Affected Packages

mailman

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

2.1.17-3.20.1

References

REPORT

https://bugzilla.suse.com/1167068

REPORT

https://bugzilla.suse.com/1170558

REPORT

https://bugzilla.suse.com/1171363

REPORT

https://bugzilla.suse.com/682920

WEB

https://www.suse.com/security/cve/CVE-2020-12108

WEB

https://www.suse.com/security/cve/CVE-2020-12137

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20201301-1/