Updated mailman packages that correct a mailman security issue are now
available.

The mailman package is software to help manage email discussion lists.

A flaw in the true_path function of Mailman was discovered. A remote
attacker who is a member of a private mailman list could use a carefully
crafted URL and gain access to arbitrary files on the server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0202 to this issue.

Note: Mailman installations running on Apache 2.0-based servers are not
vulnerable to this issue.

Users of mailman should update to these erratum packages that contain a
patch and are not vulnerable to this issue.
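
An added example, not Mailman's code or the patch in these packages (neither is shown on this page): one way a handler that maps URL path info to files can keep every request inside a private archive directory. The names `resolve_private_path`, `archive_root` and `UnsafePath` are assumptions, and the sample requests are constructed.

```python
import os
import tempfile


class UnsafePath(ValueError):
    """Raised when a requested path would leave the archive root."""


def resolve_private_path(archive_root, path_info):
    """Map URL path info to a file under archive_root, or raise UnsafePath.

    Both parameter names are hypothetical, chosen for this example.
    """
    # Work on whole components, not substrings: '.' and '..' are rejected
    # outright instead of being "cleaned" out of the string.
    parts = [p for p in path_info.split("/") if p != ""]
    if any(p in (".", "..") or "\x00" in p or "\\" in p for p in parts):
        raise UnsafePath(path_info)
    root = os.path.realpath(archive_root)
    # realpath resolves symlinks, so a link that points outside the root
    # is caught by the containment check below.
    candidate = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath(path_info)
    return candidate


def demo():
    """Run constructed requests against a throwaway archive tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "archives", "private")
        os.makedirs(os.path.join(root, "mylist"))
        results = {}
        for req in ["/mylist/2005-February/000001.html",  # normal request
                    "/mylist/../../../etc/passwd",         # parent traversal
                    "/mylist/./index.html"]:               # dot segment
            try:
                resolve_private_path(root, req)
                results[req] = "served"
            except UnsafePath:
                results[req] = "rejected"
        return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{outcome:8} {req}")
```
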

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

| Product | Architecture | Package | Status |
|---|---|---|---|
| Red Hat Desktop (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm | |
| Red Hat Desktop (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Desktop (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux AS (v. 2.1) | SRPMS | mailman-2.0.13-7.src.rpm | |
| Red Hat Enterprise Linux AS (v. 2.1) | IA-32 | mailman-2.0.13-7.i386.rpm | |
| Red Hat Enterprise Linux AS (v. 2.1) | IA-64 | mailman-2.0.13-7.ia64.rpm | |
| Red Hat Enterprise Linux AS (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm | |
| Red Hat Enterprise Linux AS (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux AS (v. 3) | IA-64 | mailman-2.1.5-24.rhel3.ia64.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux AS (v. 3) | PPC | mailman-2.1.5-24.rhel3.ppc.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux AS (v. 3) | s390 | mailman-2.1.5-24.rhel3.s390.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux AS (v. 3) | s390x | mailman-2.1.5-24.rhel3.s390x.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux AS (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux ES (v. 2.1) | SRPMS | mailman-2.0.13-7.src.rpm | |
| Red Hat Enterprise Linux ES (v. 2.1) | IA-32 | mailman-2.0.13-7.i386.rpm | |
| Red Hat Enterprise Linux ES (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm | |
| Red Hat Enterprise Linux ES (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux ES (v. 3) | IA-64 | mailman-2.1.5-24.rhel3.ia64.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux ES (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux WS (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm | |
| Red Hat Enterprise Linux WS (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux WS (v. 3) | IA-64 | mailman-2.1.5-24.rhel3.ia64.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Enterprise Linux WS (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm | File outdated by: RHBA-2007:0464 |
| Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor | SRPMS | mailman-2.0.13-7.src.rpm | |
| Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor | IA-64 | mailman-2.0.13-7.ia64.rpm | |

(The unlinked packages above are only available from the Red Hat Network)

147342 - CAN-2005-0202 mailman flaw