Описание
ELSA-2015-1417: mailman security and bug fix update (MODERATE)
[3:2.1.12-25]
- fix CVE-2002-0389 - local users able to read private mailing list archives
[3:2.1.12-24]
- fix CVE-2015-2775 - directory traversal in MTA transports
[3:2.1.12-23]
- fix #1095359 - handle update when some mailing lists have been created by newer Mailman than this one
[3:2.1.12-22]
- fix #1095359 - add support for DMARC
[3:2.1.12-21]
- fix #1056366 - fix bad subject of the welcome email when creating list using newlist command
[3:2.1.12-20]
- fix #745409 - do not set Indexes in httpd configuration for public archive
- fix #1008139 - fix traceback when list_data_dir is not a child of var_prefix
[3:2.1.12-19]
- fix #765807 - fix traceback when message is received to moderated list
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
mailman
2.1.12-25.el6
Oracle Linux i686
mailman
2.1.12-25.el6
Oracle Linux sparc64
mailman
2.1.12-25.el6
Связанные CVE
Связанные уязвимости
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.