LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: mailman vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Multiple cross-site scripting flaws were discovered in mailman. A malicious list administrator could exploit this to execute arbitrary JavaScript, potentially stealing user credentials.
=========================================================== 
Ubuntu Security Notice USN-586-1             March 15, 2008
mailman vulnerability
CVE-2008-0564
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mailman                         2.1.5-9ubuntu4.2

Ubuntu 6.10:
  mailman                         1:2.1.8-2ubuntu2.1

Ubuntu 7.04:
  mailman                         1:2.1.9-4ubuntu1.2

Ubuntu 7.10:
  mailman                         1:2.1.9-8ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

NOTE: Due to an internal release testing mistake, earlier
published mailman versions 1:2.1.9-4ubuntu1.1 (for Ubuntu
7.04) and 1:2.1.9-8ubuntu0.1 (for Ubuntu 7.10) accidentally
included an incorrect patch and caused a regression, as reported in
https://launchpad.net/bugs/202332

This update includes fixes for the problem.  We apologize for the
inconvenience.

Details follow:

Multiple cross-site scripting flaws were discovered in mailman.
A malicious list administrator could exploit this to execute arbitrary
JavaScript, potentially stealing user credentials.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2.diff.gz
      Size/MD5:   231090 d3e7124adf9454e2754e41c98df1a79c
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2.dsc
      Size/MD5:      626 0ac6344f31b1fd756ff3c724a059c907
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_amd64.deb
      Size/MD5:  6613254 72d9727b248c5e8ac1ffe6699989b546

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_i386.deb
      Size/MD5:  6612872 6fa80a2c5f9fb4ef86fc37f5948eb7ea

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_powerpc.deb
      Size/MD5:  6621726 45ad75a62c903f80ccaed21d8bff8e0f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.2_sparc.deb
      Size/MD5:  6620818 7dc3bc18e981e78fa7d9e18bda151ecc

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1.diff.gz
      Size/MD5:   203009 ee4a019ea676c82f040bad51a13f2a04
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1.dsc
      Size/MD5:      819 53355a3ca08c288d785123da51dbb10e
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8.orig.tar.gz
      Size/MD5:  6856039 b9308ea3ffe8dd447458338408d46bd6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_amd64.deb
      Size/MD5:  8017888 34628b56f38515676c840c10f2aa100d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_i386.deb
      Size/MD5:  8016276 18b60f0774f2f664d5505391834ed0c6

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_powerpc.deb
      Size/MD5:  8025122 20b2783ab25dd270751211463fdedc77

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.8-2ubuntu2.1_sparc.deb
      Size/MD5:  8023672 02dd507266718e196abef08311a995b5

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2.diff.gz
      Size/MD5:   142531 2e32aeebcbf3d45e498d4241bf1cf0c8
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2.dsc
      Size/MD5:      981 0c8c78087bcf0213f17013c94fea9764
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9.orig.tar.gz
      Size/MD5:  7829201 dd51472470f9eafb04f64da372444835

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2_amd64.deb
      Size/MD5:  8606862 74502c6c9e9a8bb277c6f741abd46541

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2_i386.deb
      Size/MD5:  8605384 46330ecad45d07957ac827e5f8e944e2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2_powerpc.deb
      Size/MD5:  8617812 08c3457654498fb0e944c6900c1111fa

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-4ubuntu1.2_sparc.deb
      Size/MD5:  8616850 d847a99c6173ffa101f5986cfd9ce9cf

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-8ubuntu0.2.diff.gz
      Size/MD5:   151248 242099c74ff77d643fab04b0aeffee33
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-8ubuntu0.2.dsc
      Size/MD5:     1032 97fd7fe28a0f1d32b95c3afd9cf1946a
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9.orig.tar.gz
      Size/MD5:  7829201 dd51472470f9eafb04f64da372444835

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-8ubuntu0.2_amd64.deb
      Size/MD5:  8613496 982f4c248795c6555bdb62a0747a429d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-8ubuntu0.2_i386.deb
      Size/MD5:  8611448 94ad8c328a6367196dffcd38f3a56d17

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-8ubuntu0.2_powerpc.deb
      Size/MD5:  8627854 a0b4e25a6c5892b77845f192e8d0ae70

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-8ubuntu0.2_sparc.deb
      Size/MD5:  8626282 2f318a3fc2a9bd1e50e4df96e15bdad1


--yrj/dFKFPuw6o+aM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH3BBoH/9LqRcGPm0RAqKSAJ0X0p8GEzM9v58JUzDkU0dkMwP70wCfdfC6
g0JyO66Epv3zlEwUTHuAIfY=R+IT
-----END PGP SIGNATURE-----

--yrj/dFKFPuw6o+aM--


--==============X21542433858032832=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============X21542433858032832==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Router hacking competition announced for Defcon
EFF wants hackers to help build an open, secure router
Hackers Could Take Control of Your Car. This Device Can Stop Them
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.