Amazon Linux 1 Security Advisory: ALAS-2020-1395
Advisory Release Date: 2020-07-14 01:54 Pacific
Advisory Updated Date: 2020-07-15 17:29 Pacific
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. (CVE-2018-0618)
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. (CVE-2018-13796)
Affected Packages:
mailman
Issue Correction:
Run yum update mailman to update your system.
i686:
mailman-2.1.15-30.25.amzn1.i686
mailman-debuginfo-2.1.15-30.25.amzn1.i686
src:
mailman-2.1.15-30.25.amzn1.src
x86_64:
mailman-debuginfo-2.1.15-30.25.amzn1.x86_64
mailman-2.1.15-30.25.amzn1.x86_64