aru Posted February 14, 2004 Report Share Posted February 14, 2004 MandrakeSoft Security Advisory MDKSA-2004:013 : mailman February 13th, 2004 Updated mailman packages close various cross-site scripting vulnerabilities. A cross-site scripting vulnerability was discovered in mailman's administration interface (CAN-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash. (CAN-2003-0991). This affects version 2.0 earler than 2.0.14. Another cross-site scripting vulnerability was found in mailman's 'create' CGI script (CAN-2003-0992). This affects version 2.1 earlier than 2.1.3. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:013 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0965 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0991 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0992 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts