USN-78-1: Mailman vulnerability

10 February 2005

mailman vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

An path traversal vulnerability has been discovered in the “private” module of Mailman. A flawed path sanitation algorithm allowed the construction of URLS to arbitrary files readable by Mailman. This allowed a remote attacker to retrieve configuration and password databases, private list archives, and other files.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
mailman

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References