SCIENTIFIC-LINUX-ERRATA Archives

March 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: mailman on SL6.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Fri, 4 Mar 2011 15:25:59 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (27 lines) 
Synopsis:	Moderate: mailman security update

Issue date:	2011-03-01

CVE Names:	CVE-2010-3089 CVE-2011-0707



Multiple input sanitization flaws were found in the way Mailman 

displayed usernames of subscribed users on certain pages. If a user who 

is subscribed to a mailing list were able to trick a victim into 

visiting one of those pages, they could perform a cross-site scripting 

(XSS) attack against the victim. (CVE-2011-0707)



Multiple input sanitization flaws were found in the way Mailman 

displayed mailing list information. A mailing list administrator could 

use this flaw to conduct a cross-site scripting (XSS) attack against 

victims viewing a list's "listinfo" page. (CVE-2010-3089)



SL 6.x



      SRPMS:

mailman-2.1.12-14.el6_0.2.src.rpm

      i386:

mailman-2.1.12-14.el6_0.2.i686.rpm

      x86_64:

mailman-2.1.12-14.el6_0.2.x86_64.rpm



-Connie Sieh

-Troy Dawson

ATOM RSS1 RSS2