GNU Mailman Unspecified Password Retrieval Vulnerability Solution:
The vendor has released Mailman 2.1.5 to address this issue.
Mandrake has released a security advisory (MDKSA-2004:051) and updates to address this issue in Mandrake Linux 9.2 and 10. Users are advised to see the referenced advisory for further details regarding obtaining and applying fixes.
Conectiva has released an advisory (CLA-2004:842) to address this and other issues. Please see the referenced advisory for more information.
Gentoo Linux has released advisory GLSA 200406-04 dealing with this issue. It has been advised that all users of Mailman should upgrade to the latest stable version using the following commands:
# emerge sync
# emerge -pv ">=net-mail/mailman-2.1.5"
# emerge ">=net-mail/mailman-2.1.5"
For more information see the referenced Gentoo advisory.
RedHat has released advisories (FEDORA-2004-167, FEDORA-2004-168) to address this issue in Fedora Core 1 and Fedora Core 2. Please see the referenced advisories for more information.
GNU Mailman 1.0
GNU Mailman 1.1
GNU Mailman 2.0 beta3
GNU Mailman 2.0 .3
GNU Mailman 2.0 beta4
GNU Mailman 2.0
GNU Mailman 2.0 .1
GNU Mailman 2.0 .6
GNU Mailman 2.0 .7
GNU Mailman 2.0 .2
GNU Mailman 2.0 beta5
GNU Mailman 2.0 .5
GNU Mailman 2.0 .8
GNU Mailman 2.0.1
GNU Mailman 2.0.10
GNU Mailman 2.0.11
GNU Mailman 2.0.12
GNU Mailman 2.0.13
GNU Mailman 2.0.2
GNU Mailman 2.0.3
GNU Mailman 2.0.4
GNU Mailman 2.0.4
GNU Mailman 2.0.5
GNU Mailman 2.0.6
GNU Mailman 2.0.7
GNU Mailman 2.0.8
GNU Mailman 2.0.9
GNU Mailman 2.1
GNU Mailman 2.1.1
GNU Mailman 2.1.10 b1
GNU Mailman 2.1.2
GNU Mailman 2.1.3
GNU Mailman 2.1.4
