Red Hat releases Mailman fix

Edmund X. DeJesus, Contributing Writer

Red Hat recommends updating the Mailman package included in several versions of its Linux operating system to correct vulnerabilities that could allow remote cross-site scripting and denial of service attacks.

Mailman is a program for managing mailing lists and is shipped with Red Hat's Linux operating system under a GNU General Public License. Mailman has several vulnerabilities.

One flaw in the admin CGI script of Mailman versions that predate 2.1.4 can allow a remote attacker to steal session cookies and to conduct unauthorized activities, including cross-site scripting. This could lead to a denial of service.

Another flaw in the create CGI script of Mailman 2.1.x versions before 2.1.3 also permits a remote attacker to steal cookies.

Mailman has suffered from other cross-site scripting problems in the past. The current vulnerability affects Linux Advanced Server 2.1 for Itanium, Enterprise Linux ES 2.1 and Enterprise Linux AS 2.1. Updates are available from Red Hat.

