Revision Date: | 2011-03-01 | Version: | 638 |
Title: | RHSA-2011:0308: mailman security update (Moderate) |
Description: | Mailman is a program used to help manage email discussion lists.
Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)
Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's "listinfo" page. (CVE-2010-3089)
Red Hat would like to thank Mark Sapiro for reporting these issues.
Users of mailman should upgrade to this updated package, which contains backported patches to correct these issues.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | CVE-2010-3089 CVE-2011-0707 RHSA-2011:0308 RHSA-2011:0308-01
|
Platform(s): | Red Hat Enterprise Linux 6
| Product(s): | |
Definition Synopsis |
Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 6 is installed
AND mailman is earlier than 3:2.1.12-14.el6_0.2
AND mailman is signed with Red Hat redhatrelease2 key
|