===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.3472
sympa security update
8 October 2020

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           sympa
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10936

Reference:         ESB-2020.2585

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2401-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/
October 07, 2020                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : sympa
Version        : 6.2.16~dfsg-3+deb9u3
CVE ID         : CVE-2020-10936
Debian Bug     : 961491

Sympa, a modern mailing list manager, allows privilege escalation
through setuid wrappers. A local attacker can obtain root access.

For Debian 9 stretch, this problem has been fixed in version
6.2.16~dfsg-3+deb9u3.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sympa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================