(RHSA-2005:137) mailman security update

2005-02-15T05:00:00
ID RHSA-2005:137
Type redhat
Reporter RedHat
Modified 2017-09-08T11:51:09

Description

Mailman is software to help manage email discussion lists.

A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue.

Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to this issue.

Users of Mailman should update to these erratum packages that contain a patch and are not vulnerable to this issue.