USN-4442-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-4442-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4442-2.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-4442-2

Related

Published

2021-03-15T22:14:00.474500Z

Modified

2021-03-15T22:14:00.474500Z

Summary

sympa vulnerabilities

Details

USN-4442-1 fixed vulnerabilities in Sympa. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details:

Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936)

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550)

It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000671)

References

Affected packages

Ubuntu:Pro:16.04:LTS / sympa

Package

Name: sympa
Purl: pkg:deb/ubuntu/sympa?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.24~dfsg-1ubuntu0.1~esm1

Affected versions

6.*

6.1.24~dfsg-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "6.1.24~dfsg-1ubuntu0.1~esm1",
            "binary_name": "sympa"
        },
        {
            "binary_version": "6.1.24~dfsg-1ubuntu0.1~esm1",
            "binary_name": "sympa-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / sympa

Package

Name: sympa
Purl: pkg:deb/ubuntu/sympa?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.24~dfsg-1ubuntu0.1~esm1

Affected versions

6.*

6.2.18~dfsg-1

6.2.22~dfsg-1

6.2.24~dfsg-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "6.2.24~dfsg-1ubuntu0.1~esm1",
            "binary_name": "sympa"
        },
        {
            "binary_version": "6.2.24~dfsg-1ubuntu0.1~esm1",
            "binary_name": "sympa-dbgsym"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / sympa

Package

Name: sympa
Purl: pkg:deb/ubuntu/sympa?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.40~dfsg-4ubuntu0.20.04.1~esm1

Affected versions

6.*

6.2.40~dfsg-1

6.2.40~dfsg-3

6.2.40~dfsg-4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "6.2.40~dfsg-4ubuntu0.20.04.1~esm1",
            "binary_name": "sympa"
        },
        {
            "binary_version": "6.2.40~dfsg-4ubuntu0.20.04.1~esm1",
            "binary_name": "sympa-dbgsym"
        }
    ]
}