Skip to navigation

Security Advisory mailman security update

Advisory: RHSA-2006:0486-4
Type: Security Advisory
Severity: Moderate
Issued on: 2006-06-09
Last updated on: 2006-06-09
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-0052

Details

An updated mailman package that fixes a denial of service flaw is now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Mailman is software to help manage email discussion lists.

A flaw was found in the way Mailman handles MIME multipart messages. An
attacker could send a carefully crafted MIME multipart email message to a
mailing list run by Mailman which would cause that particular mailing list
to stop working. (CVE-2006-0052)

Users of Mailman should upgrade to this updated package, which contains
backported patches to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

IA-32:
mailman-2.1.5.1-25.rhel3.5.i386.rpm
File outdated by:  RHBA-2007:0464
    MD5: 1f8675edb008914d72c17ac208778ce8
 
x86_64:
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
File outdated by:  RHBA-2007:0464
    MD5: cb3afd6302189d2141198f6569405ab2
 
Red Hat Desktop (v. 4)

SRPMS:
mailman-2.1.5.1-34.rhel4.3.src.rpm
File outdated by:  RHSA-2011:0307
    MD5: 710bda1e3e2d327750b2e173e4f26ade
 
IA-32:
mailman-2.1.5.1-34.rhel4.3.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: d9ef371fe0bbfd5088458a66252fc85a
 
x86_64:
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: bff48be8cc1ca2adc29e50d80c274973
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
mailman-2.1.5.1-25.rhel3.5.i386.rpm
File outdated by:  RHBA-2007:0464
    MD5: 1f8675edb008914d72c17ac208778ce8
 
IA-64:
mailman-2.1.5.1-25.rhel3.5.ia64.rpm
File outdated by:  RHBA-2007:0464
    MD5: dea1f57a4cab00421c7e733abce56d0a
 
PPC:
mailman-2.1.5.1-25.rhel3.5.ppc.rpm
File outdated by:  RHBA-2007:0464
    MD5: 28603ff74e71bf42a65a642219ac2c12
 
s390:
mailman-2.1.5.1-25.rhel3.5.s390.rpm
File outdated by:  RHBA-2007:0464
    MD5: 8b71da905859dda6df957227d7813f73
 
s390x:
mailman-2.1.5.1-25.rhel3.5.s390x.rpm
File outdated by:  RHBA-2007:0464
    MD5: 0d6b38a5ba6d707bf7be2c97e5d5f697
 
x86_64:
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
File outdated by:  RHBA-2007:0464
    MD5: cb3afd6302189d2141198f6569405ab2
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
mailman-2.1.5.1-34.rhel4.3.src.rpm
File outdated by:  RHSA-2011:0307
    MD5: 710bda1e3e2d327750b2e173e4f26ade
 
IA-32:
mailman-2.1.5.1-34.rhel4.3.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: d9ef371fe0bbfd5088458a66252fc85a
 
IA-64:
mailman-2.1.5.1-34.rhel4.3.ia64.rpm
File outdated by:  RHSA-2011:0307
    MD5: e6f69b07fa7bcda1bd243c0ee9fc625f
 
PPC:
mailman-2.1.5.1-34.rhel4.3.ppc.rpm
File outdated by:  RHSA-2011:0307
    MD5: aac7cd4291f95b603ca1318844b8aa67
 
s390:
mailman-2.1.5.1-34.rhel4.3.s390.rpm
File outdated by:  RHSA-2011:0307
    MD5: fb24bfc7f51ce6078c0f2918485aa88f
 
s390x:
mailman-2.1.5.1-34.rhel4.3.s390x.rpm
File outdated by:  RHSA-2011:0307
    MD5: d193fd7597c5f871f819865674c13c15
 
x86_64:
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: bff48be8cc1ca2adc29e50d80c274973
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
mailman-2.1.5.1-25.rhel3.5.i386.rpm
File outdated by:  RHBA-2007:0464
    MD5: 1f8675edb008914d72c17ac208778ce8
 
IA-64:
mailman-2.1.5.1-25.rhel3.5.ia64.rpm
File outdated by:  RHBA-2007:0464
    MD5: dea1f57a4cab00421c7e733abce56d0a
 
x86_64:
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
File outdated by:  RHBA-2007:0464
    MD5: cb3afd6302189d2141198f6569405ab2
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
mailman-2.1.5.1-34.rhel4.3.src.rpm
File outdated by:  RHSA-2011:0307
    MD5: 710bda1e3e2d327750b2e173e4f26ade
 
IA-32:
mailman-2.1.5.1-34.rhel4.3.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: d9ef371fe0bbfd5088458a66252fc85a
 
IA-64:
mailman-2.1.5.1-34.rhel4.3.ia64.rpm
File outdated by:  RHSA-2011:0307
    MD5: e6f69b07fa7bcda1bd243c0ee9fc625f
 
x86_64:
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: bff48be8cc1ca2adc29e50d80c274973
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
mailman-2.1.5.1-25.rhel3.5.i386.rpm
File outdated by:  RHBA-2007:0464
    MD5: 1f8675edb008914d72c17ac208778ce8
 
IA-64:
mailman-2.1.5.1-25.rhel3.5.ia64.rpm
File outdated by:  RHBA-2007:0464
    MD5: dea1f57a4cab00421c7e733abce56d0a
 
x86_64:
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
File outdated by:  RHBA-2007:0464
    MD5: cb3afd6302189d2141198f6569405ab2
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
mailman-2.1.5.1-34.rhel4.3.src.rpm
File outdated by:  RHSA-2011:0307
    MD5: 710bda1e3e2d327750b2e173e4f26ade
 
IA-32:
mailman-2.1.5.1-34.rhel4.3.i386.rpm
File outdated by:  RHSA-2011:0307
    MD5: d9ef371fe0bbfd5088458a66252fc85a
 
IA-64:
mailman-2.1.5.1-34.rhel4.3.ia64.rpm
File outdated by:  RHSA-2011:0307
    MD5: e6f69b07fa7bcda1bd243c0ee9fc625f
 
x86_64:
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
File outdated by:  RHSA-2011:0307
    MD5: bff48be8cc1ca2adc29e50d80c274973
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

187420 - CVE-2006-0052 Mailman DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/