
Security Advisory: mailman security update

Advisory: RHSA-2005:137-07
Type: Security Advisory
Severity: Important
Issued on: 2005-02-15
Last updated on: 2005-02-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0202

Details

Updated mailman packages that correct a security issue are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Mailman is software to help manage email discussion lists.

A flaw in the true_path function of Mailman was discovered. A remote
attacker who is a member of a private mailman list could use a carefully
crafted URL and gain access to arbitrary files on the server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0202 to this issue.

Note: Mailman installations running on Apache 2.0-based servers are not
vulnerable to this issue.

Users of Mailman should update to these erratum packages, which contain a
patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

IA-32:
mailman-2.1.5-31.rhel4.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: acae7750fb5a10b3cf4c48b98c5bae02
 
x86_64:
mailman-2.1.5-31.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: 3cba282612d0ca34edc58dae386c5d21
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
mailman-2.1.5-31.rhel4.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: acae7750fb5a10b3cf4c48b98c5bae02
 
IA-64:
mailman-2.1.5-31.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0307
    MD5: 9762cb809921814537ec2fed5236383f
 
PPC:
mailman-2.1.5-31.rhel4.ppc.rpm
File outdated by:  RHSA-2011:0307
    MD5: 45efaecb49707ae8f6d5f530cf114deb
 
s390:
mailman-2.1.5-31.rhel4.s390.rpm
File outdated by:  RHSA-2011:0307
    MD5: 9572eac980ee2013e0ce991d8936a7d6
 
s390x:
mailman-2.1.5-31.rhel4.s390x.rpm
File outdated by:  RHSA-2011:0307
    MD5: b50808f3b6bdd658b664320af68c5d0d
 
x86_64:
mailman-2.1.5-31.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: 3cba282612d0ca34edc58dae386c5d21
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
mailman-2.1.5-31.rhel4.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: acae7750fb5a10b3cf4c48b98c5bae02
 
IA-64:
mailman-2.1.5-31.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0307
    MD5: 9762cb809921814537ec2fed5236383f
 
x86_64:
mailman-2.1.5-31.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: 3cba282612d0ca34edc58dae386c5d21
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
mailman-2.1.5-31.rhel4.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: acae7750fb5a10b3cf4c48b98c5bae02
 
IA-64:
mailman-2.1.5-31.rhel4.ia64.rpm
File outdated by:  RHSA-2011:0307
    MD5: 9762cb809921814537ec2fed5236383f
 
x86_64:
mailman-2.1.5-31.rhel4.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: 3cba282612d0ca34edc58dae386c5d21
 
(The unlinked packages above are only available from the Red Hat Network)
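
To confirm that hosts actually carry the fixed build listed above (mailman-2.1.5-31.rhel4), the following added example, which is not part of the original advisory or any Red Hat tooling, flags installs older than that build using a simplified RPM-style version comparison. The host names and the older and newer build strings in the sample are constructed, and all builds are assumed to share the same epoch.

```python
import re

# Fixed build from this advisory: mailman-2.1.5-31.rhel4
FIXED_VERSION, FIXED_RELEASE = "2.1.5", "31.rhel4"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def vercmp(a, b):
    """Simplified rpmvercmp: return -1, 0 or 1 (no epoch, '~' or '^' handling)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments win

def is_patched(version_release):
    """True if VERSION-RELEASE is at or above the advisory's fixed build."""
    version, _, release = version_release.partition("-")
    order = vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)
    return order >= 0

def audit(lines):
    """Return (host, version-release) for every mailman install below the fixed build."""
    stale = []
    for line in lines:
        fields = line.split()
        if len(fields) == 4 and fields[1] == "mailman" and not is_patched(fields[2]):
            stale.append((fields[0], fields[2]))
    return stale

# Constructed inventory: a host name followed by the output of
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' mailman
SAMPLE = """\
list01 mailman 2.1.5-24.rhel4 i386
list02 mailman 2.1.5-31.rhel4 x86_64
list03 mailman 2.1.5-33.rhel4 ia64
list04 mailman 2.1.4-9 i386
"""

if __name__ == "__main__":
    for host, build in audit(SAMPLE.splitlines()):
        print(f"{host}: mailman {build} predates {FIXED_VERSION}-{FIXED_RELEASE}")
```

On a single host, `rpm -q mailman` gives the same version-release string to compare by eye.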

Bugs fixed (see bugzilla for more information)

147344 - CAN-2005-0202 mailman flaw



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/