ALAS-2020-1395


Amazon Linux 1 Security Advisory: ALAS-2020-1395
Advisory Release Date: 2020-07-14 01:54 Pacific
Advisory Updated Date: 2020-07-15 17:29 Pacific
Severity: Medium

Issue Overview:

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. (CVE-2018-0618)

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. (CVE-2018-13796)


Affected Packages:

mailman


Issue Correction:
Run yum update mailman to update your system.

New Packages:
i686:
    mailman-2.1.15-30.25.amzn1.i686
    mailman-debuginfo-2.1.15-30.25.amzn1.i686

src:
    mailman-2.1.15-30.25.amzn1.src

x86_64:
    mailman-debuginfo-2.1.15-30.25.amzn1.x86_64
    mailman-2.1.15-30.25.amzn1.x86_64