USN-267-1: mailman vulnerability
Posted on: 04/03/2006 04:52 PM

A new mailman vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-267-1 April 03, 2006
mailman vulnerability
CVE-2006-0052
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mailman

The problem can be corrected by upgrading the affected package to
version 2.1.5-1ubuntu2.7 (for Ubuntu 4.10), 2.1.5-7ubuntu0.2 (for
Ubuntu 5.04), or 2.1.5-8ubuntu2.2 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability was discovered in the decoder
for multipart messages. Certain parts of type "message/delivery-status"
or parts containing only two blank lines triggered an exception. An
attacker could exploit this to crash Mailman by sending a
specially crafted email to a mailing list.


Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.6.diff.gz
Size/MD5: 129586 afe3458984e5e9f5a1f5eef989ec932f
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.6.dsc
Size/MD5: 660 e887a2ea8fe445c7a720b6efe35a0333
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7.diff.gz
Size/MD5: 129614 bc0129f6097c462550616bf2012151ed
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7.dsc
Size/MD5: 660 73d398cee1d4f72d16fdc607761f3952
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5: 5745912 f5f56f04747cd4aff67427e7a45631af

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_amd64.deb
Size/MD5: 6603204 89a5954c4d69d589fcc280fa679862ae

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_i386.deb
Size/MD5: 6602668 572982592e4ea951fa367e24ca26029e

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_powerpc.deb
Size/MD5: 6611506 03f02dc979a621210890c65883cd3de3

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2.diff.gz
Size/MD5: 119058 27d1ada429ee666c2489949170bdf65a
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2.dsc
Size/MD5: 669 93aa134f2487e3838eb69ffaa0dee04b
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5: 5745912 f5f56f04747cd4aff67427e7a45631af

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_amd64.deb
Size/MD5: 6610074 75cd10d540dc50b67b8f271437b92d66

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_i386.deb
Size/MD5: 6609684 79ef59939b698b6902d0bd126d5c9808

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_powerpc.deb
Size/MD5: 6616868 e36b0f214f7b491a1e7a5093ed5d3f36

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2.diff.gz
Size/MD5: 194734 ef52a2cdbb5d128114b3d061aa63250d
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2.dsc
Size/MD5: 626 6f3372cd870c7235cb7ec40028d22a21
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5: 5745912 f5f56f04747cd4aff67427e7a45631af

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_amd64.deb
Size/MD5: 6610676 96266ffd29b1de32c4cd8ed2bf3c071b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_i386.deb
Size/MD5: 6609910 49207c94cd3d28ffc282bbbee2f03f4c

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_powerpc.deb
Size/MD5: 6617252 f6e0441bbc47f0b3648ce040b90d4f29

--QxN5xOWGsmh5a4wb
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEMULADecnbV4Fd/IRAlbqAKC3muOyzGCAymDxtQV4iMUGvFTgIgCg/NMJ
7dtKRDmIjUHVjijsaXf7q+k=
=PEyD
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_267_1_mailman_vulnerability.html)