===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1848
                        hyperkitty security update
                                31 May 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           hyperkitty
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33038

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4922

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running hyperkitty check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4922-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 29, 2021                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : hyperkitty
CVE ID         : CVE-2021-33038

Amir Sarabadani and Kunal Mehta discovered that the import functionality
of Hyperkitty, the web user interface to access Mailman 3 archives, did
not restrict the visibility of private archives during the import, i.e.
that during the import of a private Mailman 2 archive the archive was
publicly accessible until the import completed.

For the stable distribution (buster), this problem has been fixed in
version 1.2.2-1+deb10u1.

We recommend that you upgrade your hyperkitty packages.

For the detailed security status of hyperkitty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/hyperkitty

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
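
Added example (not part of the AusCERT bulletin or the Debian advisory): a fleet check that flags hosts whose installed hyperkitty package sorts below the fixed buster version 1.2.2-1+deb10u1, using a Python re-implementation of dpkg's version ordering. The host names and installed versions in the inventory are constructed, and the hosts are assumed to run Debian buster, the only release for which the advisory gives a fixed version.

```python
import re

FIXED = "1.2.2-1+deb10u1"  # fixed buster version, taken from the advisory

def _order(ch):
    """dpkg sort weight of one character inside a non-digit run."""
    if ch == "~":
        return -1                      # tilde sorts before end-of-string
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group()
        nb = re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            wa = _order(na[i]) if i < len(na) else 0
            wb = _order(nb[i]) if i < len(nb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision] into (epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def deb_cmp(x, y):
    """Order two Debian version strings: epoch, then upstream, then revision."""
    ex, ux, rx = _split(x)
    ey, uy, ry = _split(y)
    if ex != ey:
        return -1 if ex < ey else 1
    return _cmp_part(ux, uy) or _cmp_part(rx, ry)

def needs_upgrade(installed, fixed=FIXED):
    return deb_cmp(installed, fixed) < 0

# Constructed inventory: host name -> installed hyperkitty version.
INVENTORY = {"lists-a": "1.2.2-1", "lists-b": "1.2.2-1+deb10u1",
             "lists-c": "1.2.2-1~bpo9+1", "lists-d": "1.3.4-1"}

def unpatched(inventory=INVENTORY):
    return sorted(h for h, v in inventory.items() if needs_upgrade(v))
```

On a single Debian host, `dpkg --compare-versions` performs the same comparison; the Python form is for checking an exported package inventory offline.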