Ubuntu Security Notice USN-4442-1
July 28, 2020
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
Several security issues were fixed in Sympa.
– sympa: Modern mailing list manager
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks.
(CVE-2018-1000671)
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
The problem can be corrected by updating your system to the following
Ubuntu 14.04 ESM:
In general, a standard system update will make all the necessary changes.
CVE-2018-1000550, CVE-2018-1000671, CVE-2020-10936