Login
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in mailman
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in mailman
ID: MDVSA-2008:061
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Datum: Do, 6. März 2008, 22:22
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
Applikationen: MailMan

Originalnachricht

This is a multi-part message in MIME format...

------------=_1204838521-11275-827


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:061
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mailman
Date : March 6, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple cross-site scripting (XSS) vulnerabilities were found in
Mailman prior to version 2.1.10b1, which allow remote attackers to
inject arbitrary web script or HTML via edting templates and the
list's info attribute in the web administrator interface.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
2b4013e38c4bbc2624150cf8b859d97b
2007.0/i586/mailman-2.1.9-1.1mdv2007.0.i586.rpm
84e8a6a1a78093bcdcf041450309993a
2007.0/SRPMS/mailman-2.1.9-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7f70c499712449927c501eec60f7257e
2007.0/x86_64/mailman-2.1.9-1.1mdv2007.0.x86_64.rpm
84e8a6a1a78093bcdcf041450309993a
2007.0/SRPMS/mailman-2.1.9-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
3e66e56114c272d5ebdfc143e317ff86
2007.1/i586/mailman-2.1.9-2.1mdv2007.1.i586.rpm
83d478c788bfda009a1ad9dce97e4916
2007.1/SRPMS/mailman-2.1.9-2.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
e3215c27c2ce3f0857bc81ba67e9caaa
2007.1/x86_64/mailman-2.1.9-2.1mdv2007.1.x86_64.rpm
83d478c788bfda009a1ad9dce97e4916
2007.1/SRPMS/mailman-2.1.9-2.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
c2ffce2a1332f7125f37c05fb5fc7acd
2008.0/i586/mailman-2.1.9-2.1mdv2008.0.i586.rpm
d2cb3d3c79bb91a81f1cace90213384e
2008.0/SRPMS/mailman-2.1.9-2.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
f01417a5626e86aae6678f5ea67c3aac
2008.0/x86_64/mailman-2.1.9-2.1mdv2008.0.x86_64.rpm
d2cb3d3c79bb91a81f1cace90213384e
2008.0/SRPMS/mailman-2.1.9-2.1mdv2008.0.src.rpm

Corporate 3.0:
61fc3c66164c9c3880d49e477bc75fcd
corporate/3.0/i586/mailman-2.1.4-2.9.C30mdk.i586.rpm
842647b66f6a5e6e6674533bbb45fa3e
corporate/3.0/SRPMS/mailman-2.1.4-2.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
9ff6c3bf000084730904b9b1e944cf69
corporate/3.0/x86_64/mailman-2.1.4-2.9.C30mdk.x86_64.rpm
842647b66f6a5e6e6674533bbb45fa3e
corporate/3.0/SRPMS/mailman-2.1.4-2.9.C30mdk.src.rpm

Corporate 4.0:
5bdf3f1a62de4d8088cd3f8409fdd525
corporate/4.0/i586/mailman-2.1.6-6.3.20060mlcs4.i586.rpm
fc6132d963989c475ddaed436b234039
corporate/4.0/SRPMS/mailman-2.1.6-6.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
209d068b958d077e2102c42052a5a72a
corporate/4.0/x86_64/mailman-2.1.6-6.3.20060mlcs4.x86_64.rpm
fc6132d963989c475ddaed436b234039
corporate/4.0/SRPMS/mailman-2.1.6-6.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH0DOQmqjQ0CJFipgRAun/AKCeOTnmEALAC0Psif3vTGOrTDFO1QCfWd5n
xgQxJS4lADPQU5IAIMmKSds=
=TWJO
-----END PGP SIGNATURE-----


------------=_1204838521-11275-827
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1204838521-11275-827--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung