Bugzilla – Bug 925502
VUL-1: CVE-2015-2775: mailman: directory traversal in MTA transports that deliver programmatically
Last modified: 2020-06-21 04:20:38 UTC
A path traversal vulnerability has been discovered and fixed in Mailman 2.1.20. This vulnerability is only exploitable by a local user on a Mailman server where the suggested Exim transport, the Postfix postfix_to_mailman.py transport or some other programmatic MTA delivery not using aliases is employed. The patch to Mailman/Utils.py at <https://bugs.launchpad.net/mailman/+bug/1437145/+attachment/4358114/+files/p> can be applied with at most a line number offset to any Mailman 2.1.x version, but the referenced mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS setting didn't exist before Mailman 2.1.11 so if you are patching an older version, you need to add: ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]' to mm_cfg.py and/or Defaults.py. All versions of SLE and openSUSE seem affected. Seems like a non-default configuration. The addition of configuration via patch package needs to be considered. References: https://bugzilla.redhat.com/show_bug.cgi?id=1208059 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2775 https://bugs.launchpad.net/mailman/+bug/1437145 Marking as a pending update.
bugbot adjusting priority
DFN-CERT picked this one up 2015-07-23 based on updates issues from other vendors: https://portal.cert.dfn.de/adv/DFN-CERT-2015-1129/
This is an autogenerated message for OBS integration: This bug (925502) was mentioned in https://build.opensuse.org/request/show/620600 Factory / mailman
Patch for mailman >= 2.1.11 is at https://launchpadlibrarian.net/201407944/p
SUSE-SU-2018:4296-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1077358,1099510,1101288,925502,995352 CVE References: CVE-2015-2775,CVE-2016-6893,CVE-2018-0618,CVE-2018-13796,CVE-2018-5950 Sources used: SUSE OpenStack Cloud 7 (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP 12-SP2 (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP 12-SP1 (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12-SP4 (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12-SP3 (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12-SP2-LTSS (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12-SP2-BCL (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12-SP1-LTSS (src): mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12-LTSS (src): mailman-2.1.17-3.3.3 SUSE Enterprise Storage 4 (src): mailman-2.1.17-3.3.3
SUSE-SU-2019:13924-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1077358,1099510,1101288,925502,995352 CVE References: CVE-2015-2775,CVE-2016-6893,CVE-2018-0618,CVE-2018-13796,CVE-2018-5950 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): mailman-2.1.15-9.6.6.1
released