Mandrake Linux Security Update Advisory
Package name: mailman
Advisory ID: MDKSA-2004:013
Date: February 13th, 2004
Affected versions: 9.1, 9.2, Corporate Server 2.1
Problem Description:
A cross-site scripting vulnerability was discovered in mailman’s
administration interface (CAN-2003-0965). This affects version 2.1
earlier than 2.1.4.
Certain malformed email commands could cause the mailman process
to crash. (CAN-2003-0991). This affects version 2.0 earler than
2.0.14.
Another cross-site scripting vulnerability was found in
mailman’s ‘create’ CGI script (CAN-2003-0992). This affects version
2.1 earlier than 2.1.3.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0992
Updated Packages:
Corporate Server 2.1:
a0ac98afa71a63f3c0616fd2ce985c5d
corporate/2.1/RPMS/mailman-2.0.14-1.1.C21mdk.i586.rpm
a9fcc088e7c2b0fa1e4688ce35c7ab74
corporate/2.1/SRPMS/mailman-2.0.14-1.1.C21mdk.src.rpm
Mandrake Linux 9.1:
eb1802f70b4bc6f96281b03412e872ed
9.1/RPMS/mailman-2.0.14-1.1.91mdk.i586.rpm
254a0e9e2217efdfa0a7b3f4fe78ce98
9.1/SRPMS/mailman-2.0.14-1.1.91mdk.src.rpm
Mandrake Linux 9.1/PPC:
280f17696e2a062d8745715ba071ad9f
ppc/9.1/RPMS/mailman-2.0.14-1.1.91mdk.ppc.rpm
254a0e9e2217efdfa0a7b3f4fe78ce98
ppc/9.1/SRPMS/mailman-2.0.14-1.1.91mdk.src.rpm
Mandrake Linux 9.2:
33caa846a9d12696b2e75866692c3744
9.2/RPMS/mailman-2.1.2-9.3.92mdk.i586.rpm
91c48fbb577ee1f0d47ce1d1e5b31ae1
9.2/SRPMS/mailman-2.1.2-9.3.92mdk.src.rpm
Mandrake Linux 9.2/AMD64:
5bed899faba7848ac5fa29e5a10b73b2
amd64/9.2/RPMS/mailman-2.1.2-9.3.92mdk.amd64.rpm
91c48fbb577ee1f0d47ce1d1e5b31ae1
amd64/9.2/SRPMS/mailman-2.1.2-9.3.92mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can
obtain the GPG public key of the Mandrake Linux Security Team by
executing:
gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98
Please be aware that sometimes it takes the mirrors a few hours
to update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
| Type | Bits/KeyID | Date | User ID |
| pub | 1024D/22458A98 | 2000-07-10 | Linux Mandrake Security Team <security linux-mandrake.com> |
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.