USN-4442-2

See a problem?
Source
https://ubuntu.com/security/notices/USN-4442-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4442-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4442-2
Related
Published
2021-03-15T22:14:00.474500Z
Modified
2021-03-15T22:14:00.474500Z
Summary
sympa vulnerabilities
Details

USN-4442-1 fixed vulnerabilities in Sympa. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details:

Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936)

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550)

It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000671)

References

Affected packages

Ubuntu:Pro:20.04:LTS / sympa

Package

Name
sympa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.40~dfsg-4ubuntu0.20.04.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "sympa": "6.2.40~dfsg-4ubuntu0.20.04.1~esm1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / sympa

Package

Name
sympa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.24~dfsg-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "sympa": "6.2.24~dfsg-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / sympa

Package

Name
sympa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.24~dfsg-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "sympa": "6.1.24~dfsg-1ubuntu0.1~esm1"
        }
    ]
}