Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Zed: A Next-Gen Rust-Based Open Source Code Editor With AI

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Mandrake alert: Updated mailman packages close various cross-site scripting vulnerabilities.

Posted by dave on Feb 13, 2004 2:06 PM EDT
Mailing list

Mail this story
Print this story

A cross-site scripting vulnerability was discovered in mailman's administration interface (CAN-2003-0965). This affects version 2.1 earlier than 2.1.4.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mailman
 Advisory ID:            MDKSA-2004:013
 Date:                   February 13th, 2004

 Affected versions:	 9.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A cross-site scripting vulnerability was discovered in mailman's
 administration interface (CAN-2003-0965). This affects version 2.1
 earlier than 2.1.4.
 
 Certain malformed email commands could cause the mailman process to 
 crash. (CAN-2003-0991). This affects version 2.0 earler than 2.0.14.
 
 Another cross-site scripting vulnerability was found in mailman's
 'create' CGI script (CAN-2003-0992). This affects version 2.1 
 earlier than 2.1.3.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0965
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0992
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 a0ac98afa71a63f3c0616fd2ce985c5d  corporate/2.1/RPMS/mailman-2.0.14-1.1.C21mdk.i586.rpm
 a9fcc088e7c2b0fa1e4688ce35c7ab74  corporate/2.1/SRPMS/mailman-2.0.14-1.1.C21mdk.src.rpm

 Mandrake Linux 9.1:
 eb1802f70b4bc6f96281b03412e872ed  9.1/RPMS/mailman-2.0.14-1.1.91mdk.i586.rpm
 254a0e9e2217efdfa0a7b3f4fe78ce98  9.1/SRPMS/mailman-2.0.14-1.1.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 280f17696e2a062d8745715ba071ad9f  ppc/9.1/RPMS/mailman-2.0.14-1.1.91mdk.ppc.rpm
 254a0e9e2217efdfa0a7b3f4fe78ce98  ppc/9.1/SRPMS/mailman-2.0.14-1.1.91mdk.src.rpm

 Mandrake Linux 9.2:
 33caa846a9d12696b2e75866692c3744  9.2/RPMS/mailman-2.1.2-9.3.92mdk.i586.rpm
 91c48fbb577ee1f0d47ce1d1e5b31ae1  9.2/SRPMS/mailman-2.1.2-9.3.92mdk.src.rpm

 Mandrake Linux 9.2/AMD64:
 5bed899faba7848ac5fa29e5a10b73b2  amd64/9.2/RPMS/mailman-2.1.2-9.3.92mdk.amd64.rpm
 91c48fbb577ee1f0d47ce1d1e5b31ae1  amd64/9.2/SRPMS/mailman-2.1.2-9.3.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFALUzOmqjQ0CJFipgRAlnzAJ9/ljVSRJya8NwwE56UWv06X2UjtwCfbEJH
gkFRwNtMM6WdQJZADzEoWJ0=
=w7PG
-----END PGP SIGNATURE-----

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software