| Problem Description |
A cross-site scripting vulnerability was discovered in mailman's
administration interface (CAN-2003-0965). This affects 2.1 versions
earlier than 2.1.4.

Certain malformed email commands could cause the mailman process to
crash (CAN-2003-0991). This affects 2.0 versions earlier than 2.0.14.

Another cross-site scripting vulnerability was found in mailman's
'create' CGI script (CAN-2003-0992). This affects 2.1 versions
earlier than 2.1.3.
| Updated Packages |
Mandrakelinux 9.1
eb1802f70b4bc6f96281b03412e872ed 9.1/RPMS/mailman-2.0.14-1.1.91mdk.i586.rpm 254a0e9e2217efdfa0a7b3f4fe78ce98 9.1/SRPMS/mailman-2.0.14-1.1.91mdk.src.rpm
Mandrakelinux 9.1/PPC
280f17696e2a062d8745715ba071ad9f ppc/9.1/RPMS/mailman-2.0.14-1.1.91mdk.ppc.rpm 254a0e9e2217efdfa0a7b3f4fe78ce98 ppc/9.1/SRPMS/mailman-2.0.14-1.1.91mdk.src.rpm
Mandrakelinux 9.2
33caa846a9d12696b2e75866692c3744 9.2/RPMS/mailman-2.1.2-9.3.92mdk.i586.rpm 91c48fbb577ee1f0d47ce1d1e5b31ae1 9.2/SRPMS/mailman-2.1.2-9.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64
5bed899faba7848ac5fa29e5a10b73b2 amd64/9.2/RPMS/mailman-2.1.2-9.3.92mdk.amd64.rpm 91c48fbb577ee1f0d47ce1d1e5b31ae1 amd64/9.2/SRPMS/mailman-2.1.2-9.3.92mdk.src.rpm
Corporate Server 2.1
a0ac98afa71a63f3c0616fd2ce985c5d corporate/2.1/RPMS/mailman-2.0.14-1.1.C21mdk.i586.rpm a9fcc088e7c2b0fa1e4688ce35c7ab74 corporate/2.1/SRPMS/mailman-2.0.14-1.1.C21mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0992
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
