USN-8552-1: Sympa vulnerability

Publication date

15 July 2026

Overview

Sympa could allow unintended access to network services.


Packages

  • sympa - mailing list management software

Details

It was discovered that Sympa did not properly validate input on the
generic SSO login. A remote attacker could possibly use this issue to
perform a path traversal attack and gain unintended access.

It was discovered that Sympa did not properly validate input on the
generic SSO login. A remote attacker could possibly use this issue to
perform a path traversal attack and gain unintended access.

Update instructions

After a standard system update you need to restart sympa to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 LTS noble sympa –  6.2.70~dfsg-2+deb12u1build0.24.04.1
22.04 LTS jammy sympa –  6.2.66~dfsg-2ubuntu0.1~esm1  
20.04 LTS focal sympa –  6.2.40~dfsg-4ubuntu0.20.04.1~esm2  
18.04 LTS bionic sympa –  6.2.24~dfsg-1ubuntu0.1~esm2  
16.04 LTS xenial sympa –  6.1.24~dfsg-1ubuntu0.1~esm1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›