mailman (SL4, SL5)

Synopsis: Moderate: mailman security update
Issue Date: 2011-03-01
CVE Numbers: CVE-2008-0564, CVE-2010-3089, CVE-2011-0707

Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list’s “listinfo” page. (CVE-2008-0564, CVE-2010-3089)
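Both flaw classes above, subscriber-controlled display names on roster pages and administrator-controlled text on the listinfo page, share one root cause: user data written into HTML without escaping. The Python below is an added illustration and not Mailman's code; its templates, function names and sample inputs are constructed. It puts the unsafe rendering beside the hardened form and adds a small check that flags tags in rendered output which the page template itself never emits.

```python
import html
import re

# Constructed sample data (not taken from any Mailman installation): one
# subscriber whose display name carries markup, and a list description as a
# list administrator might set it.
SUBSCRIBERS = [
    ("Alice Example", "alice@example.invalid"),
    ('<script>alert(1)</script>', "mallory@example.invalid"),
]
LIST_DESCRIPTION = 'Discussion list <img src=x onerror="alert(1)">'

ROSTER_TEMPLATE_TAGS = ("ul", "li")
LISTINFO_TEMPLATE_TAGS = ("h1", "p")


def render_roster_unsafe(subscribers):
    """The flawed pattern: display names are interpolated straight into HTML."""
    rows = ["<li>%s (%s)</li>" % (name, addr) for name, addr in subscribers]
    return "<ul>\n%s\n</ul>" % "\n".join(rows)


def render_roster(subscribers):
    """Hardened: every user-controlled field is escaped, so markup in a
    display name is displayed as text rather than parsed by the browser."""
    rows = ["<li>%s (%s)</li>" % (html.escape(name), html.escape(addr))
            for name, addr in subscribers]
    return "<ul>\n%s\n</ul>" % "\n".join(rows)


def render_listinfo_unsafe(list_name, description):
    """The flawed pattern for admin-controlled list information."""
    return "<h1>%s</h1>\n<p>%s</p>" % (list_name, description)


def render_listinfo(list_name, description):
    """Hardened: list name and description escaped before insertion."""
    return "<h1>%s</h1>\n<p>%s</p>" % (html.escape(list_name), html.escape(description))


_TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def injected_tags(rendered_html, template_tags):
    """Defender-side check: any tag name present in the rendered page that the
    template does not emit must have come from user data. Returns them sorted."""
    found = {t.lower() for t in _TAG_RE.findall(rendered_html)}
    return sorted(found - set(template_tags))
```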

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

SL4
  x86_64: mailman-2.1.5.1-34.rhel4.7.x86_64.rpm
  i386:   mailman-2.1.5.1-34.rhel4.7.i386.rpm
SL5
  x86_64: mailman-2.1.9-6.el5_6.1.x86_64.rpm
  i386:   mailman-2.1.9-6.el5_6.1.i386.rpm

– Scientific Linux Development Team