postfixadmin-3.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10388-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z postfixadmin-3.0-1.1 on GA media These are all security issues fixed in the postfixadmin-3.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10388 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-0811/ SUSE CVE CVE-2012-0811 page https://www.suse.com/security/cve/CVE-2012-0812/ SUSE CVE CVE-2012-0812 page https://www.suse.com/security/cve/CVE-2014-2655/ SUSE CVE CVE-2014-2655 page openSUSE Tumbleweed postfixadmin-3.0-1.1 postfixadmin-3.0-1.1 as a component of openSUSE Tumbleweed Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. CVE-2012-0811 openSUSE Tumbleweed:postfixadmin-3.0-1.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0811.html CVE-2012-0811 https://bugzilla.suse.com/741455 SUSE Bug 741455 PostfixAdmin 2.3.4 has multiple XSS vulnerabilities CVE-2012-0812 openSUSE Tumbleweed:postfixadmin-3.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0812.html CVE-2012-0812 https://bugzilla.suse.com/741455 SUSE Bug 741455 SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. CVE-2014-2655 openSUSE Tumbleweed:postfixadmin-3.0-1.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2655.html CVE-2014-2655 https://bugzilla.suse.com/870434 SUSE Bug 870434