Revision Date: | 2005-02-10 | Version: | 503 |
Title: | RHSA-2005:136: mailman security update (Important) |
Description: | The mailman package is software to help manage email discussion lists.
A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue.
Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to this issue.
Users of mailman should update to these erratum packages that contain a patch and are not vulnerable to this issue.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | CVE-2005-0202 RHSA-2005:136-02
|
Platform(s): | Red Hat Enterprise Linux 3
| Product(s): | |
Definition Synopsis |
Red Hat Enterprise Linux 3 is installed AND mailman is earlier than 3:2.1.5-24.rhel3
AND mailman is signed with Red Hat master key
|