USN-2558-1: Mailman vulnerability
7 April 2015
Mailman could be made to run programs if it processed a specially crafted list name.
- mailman - Powerful, web-based mailing list manager
It was discovered that Mailman incorrectly handled special characters
in list names. A local attacker could use this issue to perform a path
traversal attack and execute arbitrary code as the Mailman user.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.