Mailman 3 Security holes? - Mailman-Users

May 24, 2000

      Red Hat recently sent out the following.  I don't use the Red Hat
rpms, but have installed mailman on my own, so naturally I wonder what
security holes they are talking about.  In what versions of Mailman do
they exist?
...
From: bugzilla@redhat.com
Subject: [RHSA-2000:030-01] Updated mailman packages are available.
To: redhat-watch-list@redhat.com
Date:   Wed, 24 May 2000 18:24 -0400

       Red Hat, Inc. Security Advisory
Synopsis:          Updated mailman packages are available.
Advisory ID:       RHSA-2000:030-01
Issue date:        2000-05-24
Updated on:        2000-05-24
Product:           Red Hat Secure Web Server
Keywords:          N/A
Cross references:  N/A

Topic:

New mailman packages are available which close security holes present
in earlier versions of mailman.

Relevant releases/architectures:

Red Hat Secure Web Server 3.0 - i386
Red Hat Secure Web Server 3.1 - i386 alpha sparc
Red Hat Secure Web Server 3.2 - i386

Problem description:

New mailman packages are available which close security holes present
in earlier versions of mailman.  All sites using the mailman mailing
list management software should upgrade.

Solution:

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.

Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

N/A

RPMs required:

Red Hat Secure Web Server 3.2:
intel:
ftp://ftp.redhat.com/pub/redhat/updates/secureweb/3.2/i386/mailman-2.0beta2-1.i386.rpm
sources:
ftp://ftp.redhat.com/pub/redhat/updates/secureweb/3.2/SRPMS/mailman-2.0beta2-1.src.rpm

Verification:

MD5 sum                           Package Name
4515cf682bfb0c4a87c9ac6def8d5ec7  3.2/SRPMS/mailman-2.0beta2-1.src.rpm
ccaf8e103c609bfa7769dfff4cf7f532  3.2/i386/mailman-2.0beta2-1.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig  <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>

References:

N/A

Security holes?

Per Starback

Synopsis: Updated mailman packages are available. Advisory ID: RHSA-2000:030-01 Issue date: 2000-05-24 Updated on: 2000-05-24 Product: Red Hat Secure Web Server Keywords: N/A Cross references: N/A

MD5 sum Package Name

tags

participants (1)