Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.60592 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-586-1 (mailman) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing an update to mailman announced via advisory USN-586-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: Multiple cross-site scripting flaws were discovered in mailman. A malicious list administrator could exploit this to execute arbitrary JavaScript, potentially stealing user credentials. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mailman 2.1.5-9ubuntu4.2 Ubuntu 6.10: mailman 1:2.1.8-2ubuntu2.1 Ubuntu 7.04: mailman 1:2.1.9-4ubuntu1.2 Ubuntu 7.10: mailman 1:2.1.9-8ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. NOTE: Due to an internal release testing mistake, earlier published mailman versions 1:2.1.9-4ubuntu1.1 (for Ubuntu 7.04) and 1:2.1.9-8ubuntu0.1 (for Ubuntu 7.10) accidentally included an incorrect patch and caused a regression, as reported in https://launchpad.net/bugs/202332 This update includes fixes for the problem. We apologize for the inconvenience. https://secure1.securityspace.com/smysecure/catid.html?in=USN-586-1 Risk factor : Medium CVSS Score: 4.3 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-0564 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 27630 http://www.securityfocus.com/bid/27630 Bugtraq: 20080215 rPSA-2008-0056-1 mailman (Google Search) http://www.securityfocus.com/archive/1/488236/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061 http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html http://www.redhat.com/support/errata/RHSA-2011-0307.html http://secunia.com/advisories/28794 http://secunia.com/advisories/28916 http://secunia.com/advisories/28966 http://secunia.com/advisories/29249 http://secunia.com/advisories/29388 http://secunia.com/advisories/31687 http://secunia.com/advisories/43549 SuSE Security Announcement: SUSE-SR:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.ubuntu.com/usn/usn-586-1 http://www.vupen.com/english/advisories/2008/0422 http://www.vupen.com/english/advisories/2011/0542 |
Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |