| Revision Date: | 2005-02-15 | Version: | 502 |
| Title: | RHSA-2005:137: mailman security update (Important) |
| Description: | Mailman is software to help manage email discussion lists.
A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private Mailman list could use a carefully crafted URL to gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue.
Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to this issue.
Users of Mailman should update to these erratum packages, which contain a patch and are not vulnerable to this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2005-0202 RHSA-2005:137-01
|
| Platform(s): | Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux 4 is installed AND mailman is earlier than 3:2.1.5-31.rhel4
AND mailman is signed with Red Hat master key
|