[Mailman-Users] Security holes?

Per Starback starback at ling.uu.se
Thu May 25 01:43:08 CEST 2000


Red Hat recently sent out the following.  I don't use the Red Hat
rpms, but have installed mailman on my own, so naturally I wonder what
security holes they are talking about.  In what versions of Mailman do
they exist?

> From: bugzilla at redhat.com
> Subject: [RHSA-2000:030-01] Updated mailman packages are available.
> To: redhat-watch-list at redhat.com
> Date:   Wed, 24 May 2000 18:24 -0400
> 
> ---------------------------------------------------------------------
> 		     Red Hat, Inc. Security Advisory
> 
> Synopsis:          Updated mailman packages are available.
> Advisory ID:       RHSA-2000:030-01
> Issue date:        2000-05-24
> Updated on:        2000-05-24
> Product:           Red Hat Secure Web Server
> Keywords:          N/A
> Cross references:  N/A
> ---------------------------------------------------------------------
> 
> 1. Topic:
> 
> New mailman packages are available which close security holes present
> in earlier versions of mailman.
> 
> 2. Relevant releases/architectures:
> 
> Red Hat Secure Web Server 3.0 - i386
> Red Hat Secure Web Server 3.1 - i386 alpha sparc
> Red Hat Secure Web Server 3.2 - i386
> 
> 3. Problem description:
> 
> New mailman packages are available which close security holes present
> in earlier versions of mailman.  All sites using the mailman mailing
> list management software should upgrade.
> 
> 4. Solution:
> 
> For each RPM for your particular architecture, run:
> 
> rpm -Fvh [filename]
> 
> where filename is the name of the RPM.
> 
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
> 
> N/A
> 
> 6. RPMs required:
> 
> Red Hat Secure Web Server 3.2:
> 
> intel:
> ftp://ftp.redhat.com/pub/redhat/updates/secureweb/3.2/i386/mailman-2.0beta2-1.i386.rpm
> 
> sources:
> ftp://ftp.redhat.com/pub/redhat/updates/secureweb/3.2/SRPMS/mailman-2.0beta2-1.src.rpm
> 
> 7. Verification:
> 
> MD5 sum                           Package Name
> --------------------------------------------------------------------------
> 4515cf682bfb0c4a87c9ac6def8d5ec7  3.2/SRPMS/mailman-2.0beta2-1.src.rpm
> ccaf8e103c609bfa7769dfff4cf7f532  3.2/i386/mailman-2.0beta2-1.i386.rpm
> 
> These packages are GPG signed by Red Hat, Inc. for security.  Our key
> is available at:
>     http://www.redhat.com/corp/contact.html
> 
> You can verify each package with the following command:
>     rpm --checksig  <filename>
> 
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>     rpm --checksig --nogpg <filename>
> 
> 8. References:
> 
> N/A
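
The verification step in section 7 of the quoted advisory, as an added example that is not part of the original post or of Red Hat's advisory: it parses the advisory's MD5 table (mail quote prefixes included) and checks downloaded RPMs against it. The function names and the lookup of files by base name in a download directory are assumptions; a digest match only shows the file agrees with the advisory text, while `rpm --checksig` is the step that checks the GPG signature.

```python
import hashlib
import re
from pathlib import Path

# The two table rows exactly as they appear in the quoted advisory above.
ADVISORY_TABLE = """\
> MD5 sum                           Package Name
> 4515cf682bfb0c4a87c9ac6def8d5ec7  3.2/SRPMS/mailman-2.0beta2-1.src.rpm
> ccaf8e103c609bfa7769dfff4cf7f532  3.2/i386/mailman-2.0beta2-1.i386.rpm
"""

# A row is 32 hex digits, whitespace, then a relative package path.
# Leading "> " quote markers are tolerated so a forwarded copy still parses.
ROW = re.compile(r"^(?:>\s?)*([0-9a-fA-F]{32})\s+(\S+)\s*$")


def parse_md5_table(advisory_text):
    """Return {package_path: md5_hex}; header and ruler lines are skipped."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ROW.match(line)
        if m:
            expected[m.group(2)] = m.group(1).lower()
    return expected


def md5_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large RPM is never held in memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_downloads(advisory_text, download_dir):
    """Map each listed package to 'ok', 'mismatch' or 'missing'.

    Assumption: each RPM was saved under its base name in download_dir.
    """
    results = {}
    for listed, want in parse_md5_table(advisory_text).items():
        local = Path(download_dir) / Path(listed).name
        if not local.is_file():
            results[listed] = "missing"
        elif md5_of(local) == want:
            results[listed] = "ok"
        else:
            results[listed] = "mismatch"
    return results
```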



