Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Red Hat: RHSA-2021:2304-01 Important: OpenSSL Security Vulnerability

Calendar Sep 08, 2006 User Avatar LinuxSecurity Advisories
4 - 7 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory red hat moderate threat doS xss mailman
Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 
- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: mailman security update
Advisory ID:       RHSA-2006:0600-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2006:0600.html
Issue date:        2006-09-06
Updated on:        2006-09-06
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-2941 CVE-2006-3636 
- ---------------------------------------------------------------------1. Summary:

Updated mailman packages that fix security issues are now available for Red
Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mailman is a program used to help manage email discussion lists.

A flaw was found in the way Mailman handled MIME multipart messages. An
attacker could send a carefully crafted MIME multipart email message to a
mailing list run by Mailman which caused that particular mailing list
to stop working.  (CVE-2006-2941)

Several cross-site scripting (XSS) issues were found in Mailman.  An
attacker could exploit these issues to perform cross-site scripting attacks
against the Mailman administrator.  (CVE-2006-3636)

Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities.

Users of Mailman should upgrade to these updated packages, which contain
backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

198344 - CVE-2006-2941 Mailman DoS
203704 - CVE-2006-3636 Mailman XSS issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
aadc1f8f782b3bb77723aaf58f3075dd  mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3  mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a  mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64:
930f1caafb3f9a52df581ec287688b77  mailman-2.1.5.1-25.rhel3.7.ia64.rpm
506a05ea921cc2db4a6bd780fe675984  mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

ppc:
3b25506baa71db64e4b5f46891995348  mailman-2.1.5.1-25.rhel3.7.ppc.rpm
7b88f8c12c8b1a8dc847bfb847cbd6be  mailman-debuginfo-2.1.5.1-25.rhel3.7.ppc.rpm

s390:
10d5202c49895d7cd7735fd26a631a18  mailman-2.1.5.1-25.rhel3.7.s390.rpm
644052a0ec97d49a7e6f304dcd8d3103  mailman-debuginfo-2.1.5.1-25.rhel3.7.s390.rpm

s390x:
c5db1d523b4ab0107c073d08da7fa067  mailman-2.1.5.1-25.rhel3.7.s390x.rpm
99eb2c04ffa8bbc4d5cc39e580a91036  mailman-debuginfo-2.1.5.1-25.rhel3.7.s390x.rpm

x86_64:
13322c51c7935facde94c51751d9cfed  mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5  mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
aadc1f8f782b3bb77723aaf58f3075dd  mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3  mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a  mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

x86_64:
13322c51c7935facde94c51751d9cfed  mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5  mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
aadc1f8f782b3bb77723aaf58f3075dd  mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3  mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a  mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64:
930f1caafb3f9a52df581ec287688b77  mailman-2.1.5.1-25.rhel3.7.ia64.rpm
506a05ea921cc2db4a6bd780fe675984  mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

x86_64:
13322c51c7935facde94c51751d9cfed  mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5  mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
aadc1f8f782b3bb77723aaf58f3075dd  mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3  mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a  mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64:
930f1caafb3f9a52df581ec287688b77  mailman-2.1.5.1-25.rhel3.7.ia64.rpm
506a05ea921cc2db4a6bd780fe675984  mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

x86_64:
13322c51c7935facde94c51751d9cfed  mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5  mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
c93f0d4ba430ee583e22565d46ad4ca7  mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb  mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef  mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64:
a42338d32e130205035d1ffe852fa2d1  mailman-2.1.5.1-34.rhel4.5.ia64.rpm
b32a43800a955c99aaaa63ba45cf723d  mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

ppc:
44ad39bb47c903413d8b6ffd930263dd  mailman-2.1.5.1-34.rhel4.5.ppc.rpm
4f2378bf60f794714437f5ae230dba35  mailman-debuginfo-2.1.5.1-34.rhel4.5.ppc.rpm

s390:
338423bc0323023b04f177447ba01fb7  mailman-2.1.5.1-34.rhel4.5.s390.rpm
733544b11b96726a0bade226ddd66abe  mailman-debuginfo-2.1.5.1-34.rhel4.5.s390.rpm

s390x:
e2f64e5975246be9b939d0a6e878fa61  mailman-2.1.5.1-34.rhel4.5.s390x.rpm
aaa1f9d30a557cd0a05e17795372e7ce  mailman-debuginfo-2.1.5.1-34.rhel4.5.s390x.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b  mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4  mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
c93f0d4ba430ee583e22565d46ad4ca7  mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb  mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef  mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b  mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4  mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
c93f0d4ba430ee583e22565d46ad4ca7  mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb  mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef  mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64:
a42338d32e130205035d1ffe852fa2d1  mailman-2.1.5.1-34.rhel4.5.ia64.rpm
b32a43800a955c99aaaa63ba45cf723d  mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b  mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4  mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
c93f0d4ba430ee583e22565d46ad4ca7  mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb  mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef  mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64:
a42338d32e130205035d1ffe852fa2d1  mailman-2.1.5.1-34.rhel4.5.ia64.rpm
b32a43800a955c99aaaa63ba45cf723d  mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b  mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4  mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2006-2941
https://www.cve.org/CVERecord?id=CVE-2006-3636
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

Warning: Undefined array key "solution" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 316

Red Hat: RHSA-2021:2304-01 Important: OpenSSL Security Vulnerability

red hat
Calendar Grey September 8, 2006
Dist Redhat Esm H88
Important mailman enhancement for Red Hat Enterprise Linux addresses DoS and XSS vulnerabilities with moderate impact on security.
Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

198344 - CVE-2006-2941 Mailman DoS 203704 - CVE-2006-3636 Mailman XSS issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386: 06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64: 930f1caafb3f9a52df581ec287688b77 mailman-2.1.5.1-25.rhel3.7.ia64.rpm 506a05ea921cc2db4a6bd780fe675984 mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

ppc: 3b25506baa71db64e4b5f46891995348 mailman-2.1.5.1-25.rhel3.7.ppc.rpm 7b88f8c12c8b1a8dc847bfb847cbd6be mailman-debuginfo-2.1.5.1-25.rhel3.7.ppc.rpm

s390: 10d5202c49895d7cd7735fd26a631a18 mailman-2.1.5.1-25.rhel3.7.s390.rpm 644052a0ec97d49a7e6f304dcd8d3103 mailman-debuginfo-2.1.5.1-25.rhel3.7.s390.rpm

s390x: c5db1d523b4ab0107c073d08da7fa067 mailman-2.1.5.1-25.rhel3.7.s390x.rpm 99eb2c04ffa8bbc4d5cc39e580a91036 mailman-debuginfo-2.1.5.1-25.rhel3.7.s390x.rpm

x86_64: 13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386: 06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

x86_64: 13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386: 06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64: 930f1caafb3f9a52df581ec287688b77 mailman-2.1.5.1-25.rhel3.7.ia64.rpm 506a05ea921cc2db4a6bd780fe675984 mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

x86_64: 13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386: 06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64: 930f1caafb3f9a52df581ec287688b77 mailman-2.1.5.1-25.rhel3.7.ia64.rpm 506a05ea921cc2db4a6bd780fe675984 mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

x86_64: 13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS: c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386: 9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm 269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64: a42338d32e130205035d1ffe852fa2d1 mailman-2.1.5.1-34.rhel4.5.ia64.rpm b32a43800a955c99aaaa63ba45cf723d mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

ppc: 44ad39bb47c903413d8b6ffd930263dd mailman-2.1.5.1-34.rhel4.5.ppc.rpm 4f2378bf60f794714437f5ae230dba35 mailman-debuginfo-2.1.5.1-34.rhel4.5.ppc.rpm

s390: 338423bc0323023b04f177447ba01fb7 mailman-2.1.5.1-34.rhel4.5.s390.rpm 733544b11b96726a0bade226ddd66abe mailman-debuginfo-2.1.5.1-34.rhel4.5.s390.rpm

s390x: e2f64e5975246be9b939d0a6e878fa61 mailman-2.1.5.1-34.rhel4.5.s390x.rpm aaa1f9d30a557cd0a05e17795372e7ce mailman-debuginfo-2.1.5.1-34.rhel4.5.s390x.rpm

x86_64: 92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS: c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386: 9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm 269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

x86_64: 92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS: c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386: 9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm 269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64: a42338d32e130205035d1ffe852fa2d1 mailman-2.1.5.1-34.rhel4.5.ia64.rpm b32a43800a955c99aaaa63ba45cf723d mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

x86_64: 92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS: c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386: 9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm 269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64: a42338d32e130205035d1ffe852fa2d1 mailman-2.1.5.1-34.rhel4.5.ia64.rpm b32a43800a955c99aaaa63ba45cf723d mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

x86_64: 92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

Topics%20covered

Topics Covered

security advisory red hat moderate threat doS xss mailman

References

https://www.cve.org/CVERecord?id=CVE-2006-2941 https://www.cve.org/CVERecord?id=CVE-2006-3636 https://access.redhat.com/security/updates/classification#moderate

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2006:0600-01
Advisory URL: https://access.redhat.com/errata/RHSA-2006:0600.html
Issue date: 2006-09-06
Updated on: 2006-09-06
Product: Red Hat Enterprise Linux

Topic

Topics%20covered

Topics Covered

security advisory red hat moderate threat doS xss mailman

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here