Red Hat releases Mailman fix

Red Hat recommends updating the Mailman package in several versions of its Linux operating system to correct vulnerabilities that allow remote cross-site scripting and denial of service attacks.

Red Hat recommends updating the Mailman package included in several versions of its Linux operating system to correct...

vulnerabilities that could allow remote cross-site scripting and denial of service attacks.

Mailman is a program for managing mailing lists and is shipped with Red Hat's Linux operating system under a GNU General Public License. Mailman has several vulnerabilities.

One flaw in the admin CGI script of Mailman versions that predate 2.1.4 can allow a remote attacker to steal session cookies and to conduct unauthorized activities, including cross-site scripting . This could lead to a denial of service.

Another flaw in the create CGI script of Mailman 2.1.x versions before 2.1.3 also permits a remote attacker to steal cookies.

Mailman has suffered from other cross-scripting problems in the past. The current vulnerability affects Linux Advanced Server 2.1 for Itanium, Enterprise Linux ES 2.1 and Enterprise Linux AS 2.1. Updates are available from Red Hat.

Dig Deeper on Alternative OS security: Mac, Linux, Unix, etc.

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close