[Mailman-Users] Security holes?
Per Starback
starback at ling.uu.se
Thu May 25 01:43:08 CEST 2000
Red Hat recently sent out the following. I don't use the Red Hat
rpms, but have installed mailman on my own, so naturally I wonder what
security holes they are talking about. In what versions of Mailman do
they exist?
> From: bugzilla at redhat.com
> Subject: [RHSA-2000:030-01] Updated mailman packages are available.
> To: redhat-watch-list at redhat.com
> Date: Wed, 24 May 2000 18:24 -0400
>
> ---------------------------------------------------------------------
> Red Hat, Inc. Security Advisory
>
> Synopsis: Updated mailman packages are available.
> Advisory ID: RHSA-2000:030-01
> Issue date: 2000-05-24
> Updated on: 2000-05-24
> Product: Red Hat Secure Web Server
> Keywords: N/A
> Cross references: N/A
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> New mailman packages are available which close security holes present
> in earlier versions of mailman.
>
> 2. Relevant releases/architectures:
>
> Red Hat Secure Web Server 3.0 - i386
> Red Hat Secure Web Server 3.1 - i386 alpha sparc
> Red Hat Secure Web Server 3.2 - i386
>
> 3. Problem description:
>
> New mailman packages are available which close security holes present
> in earlier versions of mailman. All sites using the mailman mailing
> list management software should upgrade.
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>
> rpm -Fvh [filename]
>
> where filename is the name of the RPM.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> N/A
>
> 6. RPMs required:
>
> Red Hat Secure Web Server 3.2:
>
> intel:
> ftp://ftp.redhat.com/pub/redhat/updates/secureweb/3.2/i386/mailman-2.0beta2-1.i386.rpm
>
> sources:
> ftp://ftp.redhat.com/pub/redhat/updates/secureweb/3.2/SRPMS/mailman-2.0beta2-1.src.rpm
>
> 7. Verification:
>
> MD5 sum Package Name
> --------------------------------------------------------------------------
> 4515cf682bfb0c4a87c9ac6def8d5ec7 3.2/SRPMS/mailman-2.0beta2-1.src.rpm
> ccaf8e103c609bfa7769dfff4cf7f532 3.2/i386/mailman-2.0beta2-1.i386.rpm
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at:
> http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
> rpm --checksig <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
> rpm --checksig --nogpg <filename>
>
> 8. References:
>
> N/A
More information about the Mailman-Users
mailing list