ALAS2-2018-985


Amazon Linux 2 Security Advisory: ALAS-2018-985
Advisory Release Date: 2018-04-05 23:23 Pacific
Severity: Medium
References: CVE-2018-5950 

Issue Overview:

Cross-site scripting (XSS) vulnerability in web UI
A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. (CVE-2018-5950 )


Affected Packages:

mailman


Issue Correction:
Run yum update mailman to update your system.

New Packages:
src:
    mailman-2.1.15-26.amzn2.1.src

x86_64:
    mailman-2.1.15-26.amzn2.1.x86_64
    mailman-debuginfo-2.1.15-26.amzn2.1.x86_64