Updated sympa packages fix security vulnerability:
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of
service (disk consumption from temporary files, and a flood of
notifications to listmasters) via a series of requests with malformed
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref to bugs 15097 and 6772 for config.
Accepting defaults except for passwords for mysql, no errors given
After that, checked phpmyadmin, seeing nothing like sympa.
Pointed firefox to http://localhost/sympa/, seeing there the name I gave during the wizard, but none of the links work (error 404) and the login link doesn't do anything at all.
And yes, mod_fcgid is installed.
Fedora has issued an advisory for this on March 12:
The issue is fixed upstream in 6.2.54 (and patched by us obviously).
Update request: sympa-6.2.42-1.1.mga7 =>
Update request: sympa-6.2.42-1.1.mga7 (fixes CVE-2020-9369)
Referring to Bug 23536, I see that the last update to sympa sat around for months before I finally validated it based on Herman's clean install.
We have the same situation now, but I see no reason to wait so long this time. Giving this a 64-bit OK based once again on Herman's effort, and validating.
An update for this issue has been pushed to the Mageia Updates repository.