USN-586-1: mailman vulnerability

Publication date

15 March 2008

Overview

mailman vulnerability


Packages

Details

Multiple cross-site scripting flaws were discovered in mailman.
A malicious list administrator could exploit this to execute arbitrary
JavaScript, potentially stealing user credentials.

Update instructions

In general, a standard system upgrade is sufficient to effect the necessary changes.

NOTE: Due to an internal release testing mistake, earlier published mailman versions 1:2.1.9-4ubuntu1.1 (for Ubuntu 7.04) and 1:2.1.9-8ubuntu0.1 (for Ubuntu 7.10) accidentally included an incorrect patch and caused a regression, as reported in https://launchpad.net/bugs/202332. This update includes fixes for the problem. We apologize for the inconvenience.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release   Package   Version
7.10 gutsy       mailman   1:2.1.9-8ubuntu0.2
7.04 feisty      mailman   1:2.1.9-4ubuntu1.2
6.10 edgy        mailman   1:2.1.8-2ubuntu2.1
6.06 dapper      mailman   2.1.5-9ubuntu4.2
