Mandrake Linux Advisory: mailmanFeb 15, 2004, 20:04 (0 Talkback[s])
Mandrake Linux Security Update Advisory
Package name: mailman
A cross-site scripting vulnerability was discovered in mailman's administration interface (CAN-2003-0965). This affects version 2.1 earlier than 2.1.4.
Certain malformed email commands could cause the mailman process to crash. (CAN-2003-0991). This affects version 2.0 earler than 2.0.14.
Another cross-site scripting vulnerability was found in mailman's 'create' CGI script (CAN-2003-0992). This affects version 2.1 earlier than 2.1.3.
Corporate Server 2.1:
Mandrake Linux 9.1:
Mandrake Linux 9.1/PPC:
Mandrake Linux 9.2:
Mandrake Linux 9.2/AMD64:
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.
You can view other update advisories for Mandrake Linux at:
MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:
If you want to report vulnerabilities, please contact
0 Talkback[s] (click to add your comment)