Advisories:rPSA-2006-0165

rPath Security Advisory 2006-0165-2

Published: 2006-09-08

Updated

  1. 2006-09-15 Updated to official upstream version

Products

  • rPath Linux 1

Rating

Major

Exposure Level Classification

Remote Deterministic Weakness

Updated Versions

  • mailman=conary.rpath.com@rpl:1/2.1.9-0.2-1

rPath Issue Tracking System

References

Description

Previous versions of the mailman package are vulnerable to a
cross-site-scripting (XSS) attack (CVE-2006-2941) that can allow
one mailman user to subvert other mailman users' web browsers.
(Those versions are not vulnerable to CVE-2006-3636, a remote
Denial of Service attack.)

15 September 2006 Update: The initial release to resolve this
vulnerability, version 2.1.6-14.2-1, was marked as an interim
update until the upstream maintainers of mailman released the
official fix in version 2.1.9. This official fix is now
available, and the mailman package has been updated to follow
the official fix.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html