Oval Definition: oval:com.redhat.rhsa:def:20110308
Revision Date: 2011-03-01
Version: 638
Title: RHSA-2011:0308: mailman security update (Moderate)
Description: Mailman is a program used to help manage email discussion lists.

  • Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)

  • Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's "listinfo" page. (CVE-2010-3089)

    Red Hat would like to thank Mark Sapiro for reporting these issues.

    Users of mailman should upgrade to this updated package, which contains backported patches to correct these issues.
Family: unix
Class: patch
Status:
Reference(s): CVE-2010-3089, CVE-2011-0707, RHSA-2011:0308, RHSA-2011:0308-01
Platform(s): Red Hat Enterprise Linux 6
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND mailman is earlier than 3:2.1.12-14.el6_0.2
  • AND mailman is signed with Red Hat redhatrelease2 key