USN-586-1: mailman vulnerability

15 March 2008

Releases

Packages

Details

Multiple cross-site scripting flaws were discovered in mailman.
A malicious list administrator could exploit this to execute arbitrary
JavaScript, potentially stealing user credentials.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.

NOTE: Due to an internal release testing mistake, earlier
published mailman versions 1:2.1.9-4ubuntu1.1 (for Ubuntu
7.04) and 1:2.1.9-8ubuntu0.1 (for Ubuntu 7.10) accidentally
included an incorrect patch and caused a regression, as reported in
https://launchpad.net/bugs/202332

This update includes fixes for the problem. We apologize for the
inconvenience.

References