Red Hat releases Mailman fix

Red Hat recommends updating the Mailman package included in several versions of its Linux operating system to correct vulnerabilities that could allow remote cross-site scripting and denial of service attacks.

Mailman is a program for managing mailing lists and is shipped with Red Hat's Linux operating system under the GNU General Public License. Mailman has several vulnerabilities.

One flaw in the admin CGI script of Mailman versions that predate 2.1.4 can allow a remote attacker to steal session cookies and conduct unauthorized activities, including cross-site scripting. This could lead to a denial of service.

Another flaw in the create CGI script of Mailman 2.1.x versions before 2.1.3 also permits a remote attacker to steal cookies.

Mailman has suffered from other cross-site scripting problems in the past. The current vulnerability affects Linux Advanced Server 2.1 for Itanium, Enterprise Linux ES 2.1 and Enterprise Linux AS 2.1. Updates are available from Red Hat.
