Oval Definition: oval:com.redhat.rhsa:def:20050136
Revision Date: 2005-02-10
Version: 503
Title: RHSA-2005:136: mailman security update (Important)
Description: The mailman package is software to help manage email discussion lists.

A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue.

Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to this issue.

Users of mailman should update to these erratum packages that contain a patch and are not vulnerable to this issue.
Family: unix
Class: patch
Status:
Reference(s): CVE-2005-0202
RHSA-2005:136-02
Platform(s): Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND mailman is earlier than 3:2.1.5-24.rhel3
  • AND mailman is signed with Red Hat master key