CVE-2015-2775 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-2775 Interim 1 28 2025-03-25T01:25:53Z current 2021-05-30T13:28:56Z 2025-03-25T01:25:53Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-2775 Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-December/005005.html E-Mail link for SUSE-SU-2018:4296-1 https://lists.suse.com/pipermail/sle-security-updates/2019-January/005015.html E-Mail link for SUSE-SU-2019:13924-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 4 SUSE Liberty Linux 7 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 openSUSE Tumbleweed mailman mailman-2.1.15-21.el7_1 mailman-2.1.15-9.6.6.1 mailman-2.1.17-3.3.3 mailman-2.1.17-3.8.1 mailman-2.1.23-1.2 mailman-2.1.17-3.3.3 as a component of SUSE Enterprise Storage 4 mailman-2.1.15-21.el7_1 as a component of SUSE Liberty Linux 7 mailman-2.1.17-3.8.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server 11 SP4 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP2-BCL mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP3 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP4 mailman-2.1.17-3.8.1 as a component of SUSE Linux Enterprise Server 12 SP5 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12-LTSS mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 mailman-2.1.17-3.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mailman-2.1.17-3.3.3 as a component of SUSE OpenStack Cloud 7 mailman-2.1.23-1.2 as a component of openSUSE Tumbleweed mailman as a component of HPE Helion OpenStack 8 mailman as a component of SUSE Linux Enterprise Server 12 mailman as a component of SUSE OpenStack Cloud 8 mailman as a component of SUSE OpenStack Cloud Crowbar 8 Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. CVE-2015-2775 SUSE Enterprise Storage 4:mailman-2.1.17-3.3.3 SUSE Liberty Linux 7:mailman-2.1.15-21.el7_1 SUSE Linux Enterprise High Performance Computing 12 SP5:mailman-2.1.17-3.8.1 SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 11 SP1-TERADATA:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server 11 SP3-LTSS:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server 12 SP1-LTSS:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP2-BCL:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP2-LTSS:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP3:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP3-TERADATA:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP4:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP5:mailman-2.1.17-3.8.1 SUSE Linux Enterprise Server 12-LTSS:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP3:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mailman-2.1.17-3.8.1 SUSE OpenStack Cloud 7:mailman-2.1.17-3.3.3 openSUSE Tumbleweed:mailman-2.1.23-1.2 SUSE Linux Enterprise Server 12:mailman moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L