(RHSA-2011:0308) Moderate: mailman security update

2011-03-0100:00:00

access.redhat.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list’s “listinfo” page. (CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting these issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat6i686mailman< 2.1.12-14.el6_0.2mailman-2.1.12-14.el6_0.2.i686.rpm
RedHat6i686mailman-debuginfo< 2.1.12-14.el6_0.2mailman-debuginfo-2.1.12-14.el6_0.2.i686.rpm
RedHat6srcmailman< 2.1.12-14.el6_0.2mailman-2.1.12-14.el6_0.2.src.rpm
RedHat6s390xmailman-debuginfo< 2.1.12-14.el6_0.2mailman-debuginfo-2.1.12-14.el6_0.2.s390x.rpm
RedHat6s390xmailman< 2.1.12-14.el6_0.2mailman-2.1.12-14.el6_0.2.s390x.rpm
RedHat6x86_64mailman-debuginfo< 2.1.12-14.el6_0.2mailman-debuginfo-2.1.12-14.el6_0.2.x86_64.rpm
RedHat6ppc64mailman-debuginfo< 2.1.12-14.el6_0.2mailman-debuginfo-2.1.12-14.el6_0.2.ppc64.rpm
RedHat6x86_64mailman< 2.1.12-14.el6_0.2mailman-2.1.12-14.el6_0.2.x86_64.rpm
RedHat6ppc64mailman< 2.1.12-14.el6_0.2mailman-2.1.12-14.el6_0.2.ppc64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	i686	mailman	< 2.1.12-14.el6_0.2	mailman-2.1.12-14.el6_0.2.i686.rpm
RedHat	6	i686	mailman-debuginfo	< 2.1.12-14.el6_0.2	mailman-debuginfo-2.1.12-14.el6_0.2.i686.rpm
RedHat	6	src	mailman	< 2.1.12-14.el6_0.2	mailman-2.1.12-14.el6_0.2.src.rpm
RedHat	6	s390x	mailman-debuginfo	< 2.1.12-14.el6_0.2	mailman-debuginfo-2.1.12-14.el6_0.2.s390x.rpm
RedHat	6	s390x	mailman	< 2.1.12-14.el6_0.2	mailman-2.1.12-14.el6_0.2.s390x.rpm
RedHat	6	x86_64	mailman-debuginfo	< 2.1.12-14.el6_0.2	mailman-debuginfo-2.1.12-14.el6_0.2.x86_64.rpm
RedHat	6	ppc64	mailman-debuginfo	< 2.1.12-14.el6_0.2	mailman-debuginfo-2.1.12-14.el6_0.2.ppc64.rpm
RedHat	6	x86_64	mailman	< 2.1.12-14.el6_0.2	mailman-2.1.12-14.el6_0.2.x86_64.rpm
RedHat	6	ppc64	mailman	< 2.1.12-14.el6_0.2	mailman-2.1.12-14.el6_0.2.ppc64.rpm