• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU Mailman Multiple Remote Vulnerabilities

Solution:
Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with these and other issues. For more information, please see the referenced advisory.

Ubuntu has released an advisory called USN-59-1 to address these issues for Ubuntu Linux. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200501-29 to address these issues. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Please see the referenced advisory for further information.

Mandrake Linux has released advisory MDKSA-2005:015 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. SuSE Linux has also released advisory SUSE-SA:2005:007 to supersede the earlier advisory

Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.

Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.

Red Hat has released advisory RHSA-2005:235-05 to address the cross-site scripting issue (CAN-2004-1177). Please see the referenced advisory for more information.


GNU Mailman 2.0.11

• Debian mailman_2.0.11-1woody10_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_alpha.deb


• Debian mailman_2.0.11-1woody10_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_arm.deb


• Debian mailman_2.0.11-1woody10_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_hppa.deb


• Debian mailman_2.0.11-1woody10_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_i386.deb


• Debian mailman_2.0.11-1woody10_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_ia64.deb


• Debian mailman_2.0.11-1woody10_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_m68k.deb


• Debian mailman_2.0.11-1woody10_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_mips.deb


• Debian mailman_2.0.11-1woody10_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_mipsel.deb


• Debian mailman_2.0.11-1woody10_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_powerpc.deb


• Debian mailman_2.0.11-1woody10_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_s390.deb


• Debian mailman_2.0.11-1woody10_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_sparc.deb


• Debian mailman_2.0.11-1woody11_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_alpha.deb


• Debian mailman_2.0.11-1woody11_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_arm.deb


• Debian mailman_2.0.11-1woody11_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_hppa.deb


• Debian mailman_2.0.11-1woody11_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_i386.deb


• Debian mailman_2.0.11-1woody11_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_ia64.deb


• Debian mailman_2.0.11-1woody11_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_m68k.deb


• Debian mailman_2.0.11-1woody11_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_mips.deb


• Debian mailman_2.0.11-1woody11_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_mipsel.deb


• Debian mailman_2.0.11-1woody11_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_powerpc.deb


• Debian mailman_2.0.11-1woody11_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_s390.deb


• Debian mailman_2.0.11-1woody11_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_sparc.deb


• Debian mailman_2.0.11-1woody9_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_alpha.deb


• Debian mailman_2.0.11-1woody9_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_arm.deb


• Debian mailman_2.0.11-1woody9_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_hppa.deb


• Debian mailman_2.0.11-1woody9_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_i386.deb


• Debian mailman_2.0.11-1woody9_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_ia64.deb


• Debian mailman_2.0.11-1woody9_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_m68k.deb


• Debian mailman_2.0.11-1woody9_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_mips.deb


• Debian mailman_2.0.11-1woody9_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_mipsel.deb


• Debian mailman_2.0.11-1woody9_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_powerpc.deb


• Debian mailman_2.0.11-1woody9_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_s390.deb


• Debian mailman_2.0.11-1woody9_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_sparc.deb

GNU Mailman 2.0.13

• Mandrake mailman-2.0.14-1.2.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mailman-2.0.14-1.2.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php

GNU Mailman 2.1.1

• SuSE mailman-2.1.1-110.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mailman-2.1.1-110 .i586.rpm

GNU Mailman 2.1.2

• SuSE mailman-2.1.2-93.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mailman-2.1.2-93. i586.rpm


• SuSE mailman-2.1.2-93.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mailman-2.1.2 -93.x86_64.rpm

GNU Mailman 2.1.4

• Mandrake mailman-2.1.4-2.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mailman-2.1.4-2.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mailman-2.1.4-2.2.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• SuSE mailman-2.1.4-83.13.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mailman-2.1.4-83. 13.i586.rpm


• SuSE mailman-2.1.4-83.13.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mailman-2.1.4 -83.13.x86_64.rpm

GNU Mailman 2.1.5

• Mandrake mailman-2.1.5-7.2.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mailman-2.1.5-7.2.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• SuSE mailman-2.1.5-5.6.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mailman-2.1.5-5.6 .i586.rpm


• SuSE mailman-2.1.5-5.6.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mailman-2.1.5 -5.6.x86_64.rpm


• Ubuntu mailman_2.1.5-1ubuntu2.2_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.2_amd64.deb


• Ubuntu mailman_2.1.5-1ubuntu2.2_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.2_i386.deb


• Ubuntu mailman_2.1.5-1ubuntu2.2_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.2_powerpc.deb