Red Hat Product Errata RHSA-2006:0600 - Security Advisory

Issued:: 2006-09-06
Updated:: 2006-09-06

RHSA-2006:0600 - Security Advisory

Overview
Updated Packages

Synopsis

mailman security update

Type/Severity

Security Advisory: Moderate

Topic

Updated mailman packages that fix security issues are now available for Red
Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Mailman is a program used to help manage email discussion lists.

A flaw was found in the way Mailman handled MIME multipart messages. An
attacker could send a carefully crafted MIME multipart email message to a
mailing list run by Mailman which caused that particular mailing list
to stop working. (CVE-2006-2941)

Several cross-site scripting (XSS) issues were found in Mailman. An
attacker could exploit these issues to perform cross-site scripting attacks
against the Mailman administrator. (CVE-2006-3636)

Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities.

Users of Mailman should upgrade to these updated packages, which contain
backported patches to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 198344 - CVE-2006-2941 Mailman DoS
BZ - 203704 - CVE-2006-3636 Mailman XSS issues

CVEs

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
mailman-2.1.5.1-34.rhel4.5.src.rpm	SHA-256: 2b834fd8da7a05d501cda87d73250ac4daa04c25b84bfbdc6e7dc66e60856e36
x86_64
mailman-2.1.5.1-34.rhel4.5.x86_64.rpm	SHA-256: f1f58ff0df4d7c1244b275f58a2ff66aca1cf5e7d692b14a8551bd4ce1583778
mailman-2.1.5.1-34.rhel4.5.x86_64.rpm	SHA-256: f1f58ff0df4d7c1244b275f58a2ff66aca1cf5e7d692b14a8551bd4ce1583778
ia64
mailman-2.1.5.1-34.rhel4.5.ia64.rpm	SHA-256: 5727cec5db60de2cc1dc6f963256ae67526b3d5ac8e76a2ddb75a9d2ef1fccd8
mailman-2.1.5.1-34.rhel4.5.ia64.rpm	SHA-256: 5727cec5db60de2cc1dc6f963256ae67526b3d5ac8e76a2ddb75a9d2ef1fccd8
i386
mailman-2.1.5.1-34.rhel4.5.i386.rpm	SHA-256: 3658da99bb4d221b3b40471008f7c6c18dd0d6e0652858b604a520a0cb6a3591
mailman-2.1.5.1-34.rhel4.5.i386.rpm	SHA-256: 3658da99bb4d221b3b40471008f7c6c18dd0d6e0652858b604a520a0cb6a3591

Red Hat Enterprise Linux Workstation 4

SRPM
mailman-2.1.5.1-34.rhel4.5.src.rpm	SHA-256: 2b834fd8da7a05d501cda87d73250ac4daa04c25b84bfbdc6e7dc66e60856e36
x86_64
mailman-2.1.5.1-34.rhel4.5.x86_64.rpm	SHA-256: f1f58ff0df4d7c1244b275f58a2ff66aca1cf5e7d692b14a8551bd4ce1583778
ia64
mailman-2.1.5.1-34.rhel4.5.ia64.rpm	SHA-256: 5727cec5db60de2cc1dc6f963256ae67526b3d5ac8e76a2ddb75a9d2ef1fccd8
i386
mailman-2.1.5.1-34.rhel4.5.i386.rpm	SHA-256: 3658da99bb4d221b3b40471008f7c6c18dd0d6e0652858b604a520a0cb6a3591

Red Hat Enterprise Linux Desktop 4

SRPM
mailman-2.1.5.1-34.rhel4.5.src.rpm	SHA-256: 2b834fd8da7a05d501cda87d73250ac4daa04c25b84bfbdc6e7dc66e60856e36
x86_64
mailman-2.1.5.1-34.rhel4.5.x86_64.rpm	SHA-256: f1f58ff0df4d7c1244b275f58a2ff66aca1cf5e7d692b14a8551bd4ce1583778
i386
mailman-2.1.5.1-34.rhel4.5.i386.rpm	SHA-256: 3658da99bb4d221b3b40471008f7c6c18dd0d6e0652858b604a520a0cb6a3591

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
mailman-2.1.5.1-34.rhel4.5.src.rpm	SHA-256: 2b834fd8da7a05d501cda87d73250ac4daa04c25b84bfbdc6e7dc66e60856e36
s390x
mailman-2.1.5.1-34.rhel4.5.s390x.rpm	SHA-256: 8997202778662a7914c491af7e688800e014a1f667343780afc6a9fb44e758ac
s390
mailman-2.1.5.1-34.rhel4.5.s390.rpm	SHA-256: cbdac1b03abbe8cd390f0446ba3fffc807725f7d625bc2e6899fb10007d8ec5f

Red Hat Enterprise Linux for Power, big endian 4

SRPM
mailman-2.1.5.1-34.rhel4.5.src.rpm	SHA-256: 2b834fd8da7a05d501cda87d73250ac4daa04c25b84bfbdc6e7dc66e60856e36
ppc
mailman-2.1.5.1-34.rhel4.5.ppc.rpm	SHA-256: 3aed4b9dccaf040279173c206900d29271ba7790c959b7e8a20d6a47cad21ca1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories