USN-586-1: mailman vulnerability

15 March 2008

mailman vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

  • mailman

Details

Multiple cross-site scripting flaws were discovered in mailman. A malicious list administrator could exploit this to execute arbitrary JavaScript, potentially stealing user credentials.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10
mailman - 1:2.1.9-8ubuntu0.2
Ubuntu 7.04
mailman - 1:2.1.9-4ubuntu1.2
Ubuntu 6.10
mailman - 1:2.1.8-2ubuntu2.1
Ubuntu 6.06 LTS
mailman - 2.1.5-9ubuntu4.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

NOTE: Due to an internal release testing mistake, earlier published mailman versions 1:2.1.9-4ubuntu1.1 (for Ubuntu 7.04) and 1:2.1.9-8ubuntu0.1 (for Ubuntu 7.10) accidentally included an incorrect patch and caused a regression, as reported in https://launchpad.net/bugs/202332

This update includes fixes for the problem. We apologize for the inconvenience.

References