Jump to content

Advisories (MDKSA-2005:222 ): mailman


aru
 Share

Recommended Posts

Mandriva Advisories MDKSA-2005:222 : mailman

 

Updated mailman packages fix various vulnerabilities

December 2nd, 2005

 

Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573) In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message. The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code. Updated packages are patched to correct these issues.

 

 

The released versions of Mandriva GNU/Linux affected are:

  • 10.1
  • CS3.0
  • 10.2
  • 2006.0

Full information about this advisory, including the updated packages, is available at:

wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)

Link to comment
Share on other sites

 Share

×
×
  • Create New...