Debian 10261 Published by

A sympa security update has been released for Debian GNU/Linux 9 LTS to address an issue where a local attacker can obtain root access.



DLA 2401-1: sympa security update



- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2401-1 debian-lts@lists.debian.org
  https://www.debian.org/lts/security/
October 07, 2020   https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : sympa
Version : 6.2.16~dfsg-3+deb9u3
CVE ID : CVE-2020-10936
Debian Bug : 961491

Sympa, a modern mailing list manager, allows privilege escalation
through setuid wrappers. A local attacker can obtain root access.

For Debian 9 stretch, this problem has been fixed in version
6.2.16~dfsg-3+deb9u3.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to
its security tracker page at:
  https://security-tracker.debian.org/tracker/sympa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS