mailman security update

2006-09-0809:56:52

CentOS Project

lists.centos.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.321 Low

EPSS

Percentile

97.0%

JSON

CentOS Errata and Security Advisory CESA-2006:0600

Mailman is a program used to help manage email discussion lists.

A flaw was found in the way Mailman handled MIME multipart messages. An
attacker could send a carefully crafted MIME multipart email message to a
mailing list run by Mailman which caused that particular mailing list
to stop working. (CVE-2006-2941)

Several cross-site scripting (XSS) issues were found in Mailman. An
attacker could exploit these issues to perform cross-site scripting attacks
against the Mailman administrator. (CVE-2006-3636)

Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities.

Users of Mailman should upgrade to these updated packages, which contain
backported patches to correct this issue.

Affected packages:
mailman

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0600

OSVersionArchitecturePackageVersionFilename
CentOS3i386mailman< 2.1.5.1-25.rhel3.7mailman-2.1.5.1-25.rhel3.7.i386.rpm
CentOS3x86_64mailman< 2.1.5.1-25.rhel3.7mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
CentOS4ia64mailman< 2.1.5.1-34.rhel4.5mailman-2.1.5.1-34.rhel4.5.ia64.rpm
CentOS3ia64mailman< 2.1.5.1-25.rhel3.7mailman-2.1.5.1-25.rhel3.7.ia64.rpm
CentOS4s390mailman< 2.1.5.1-34.rhel4.5mailman-2.1.5.1-34.rhel4.5.s390.rpm
CentOS4s390xmailman< 2.1.5.1-34.rhel4.5mailman-2.1.5.1-34.rhel4.5.s390x.rpm
CentOS3s390mailman< 2.1.5.1-25.rhel3.7mailman-2.1.5.1-25.rhel3.7.s390.rpm
CentOS3s390xmailman< 2.1.5.1-25.rhel3.7mailman-2.1.5.1-25.rhel3.7.s390x.rpm
CentOS4i386mailman< 2.1.5.1-34.rhel4.5mailman-2.1.5.1-34.rhel4.5.i386.rpm
CentOS4x86_64mailman< 2.1.5.1-34.rhel4.5mailman-2.1.5.1-34.rhel4.5.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	3	i386	mailman	< 2.1.5.1-25.rhel3.7	mailman-2.1.5.1-25.rhel3.7.i386.rpm
CentOS	3	x86_64	mailman	< 2.1.5.1-25.rhel3.7	mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
CentOS	4	ia64	mailman	< 2.1.5.1-34.rhel4.5	mailman-2.1.5.1-34.rhel4.5.ia64.rpm
CentOS	3	ia64	mailman	< 2.1.5.1-25.rhel3.7	mailman-2.1.5.1-25.rhel3.7.ia64.rpm
CentOS	4	s390	mailman	< 2.1.5.1-34.rhel4.5	mailman-2.1.5.1-34.rhel4.5.s390.rpm
CentOS	4	s390x	mailman	< 2.1.5.1-34.rhel4.5	mailman-2.1.5.1-34.rhel4.5.s390x.rpm
CentOS	3	s390	mailman	< 2.1.5.1-25.rhel3.7	mailman-2.1.5.1-25.rhel3.7.s390.rpm
CentOS	3	s390x	mailman	< 2.1.5.1-25.rhel3.7	mailman-2.1.5.1-25.rhel3.7.s390x.rpm
CentOS	4	i386	mailman	< 2.1.5.1-34.rhel4.5	mailman-2.1.5.1-34.rhel4.5.i386.rpm
CentOS	4	x86_64	mailman	< 2.1.5.1-34.rhel4.5	mailman-2.1.5.1-34.rhel4.5.x86_64.rpm