Oval Definition: oval:com.redhat.rhsa:def:20110307
Revision Date: 2011-03-01
Version: 639
Title: RHSA-2011:0307: mailman security update (Moderate)
Description: Mailman is a program used to help manage email discussion lists.

  • Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)

  • Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's "listinfo" page. (CVE-2008-0564, CVE-2010-3089)

    Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and CVE-2010-3089 issues.

    Users of mailman should upgrade to this updated package, which contains backported patches to correct these issues.
Family: unix
Class: patch
Status:
Reference(s):
  • CVE-2008-0564
  • CVE-2010-3089
  • CVE-2011-0707
  • RHSA-2011:0307
  • RHSA-2011:0307-01
Platform(s):
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • AND one of the following (OR):
    • Package Information: Red Hat Enterprise Linux 4 is installed
      AND mailman is earlier than 3:2.1.5.1-34.rhel4.7
      AND mailman is signed with Red Hat redhatrelease2 key
    • Package Information: Red Hat Enterprise Linux 5 is installed
      AND mailman is earlier than 3:2.1.9-6.el5_6.1
      AND mailman is signed with Red Hat redhatrelease2 key