lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 27 May 2004 00:34:56 -0000 From: Mandrake Linux Security Team <security@...ux-mandrake.com> To: bugtraq@...urityfocus.com Subject: MDKSA-2004:051 - Updated mailman packages fix password retrieval vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: mailman Advisory ID: MDKSA-2004:051 Date: May 26th, 2004 Affected versions: 10.0, 9.2 ______________________________________________________________________ Problem Description: Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server. The updated packages have a patch backported from 2.1.5 to correct the issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: 821d8d83fecdba5067096d112fae2d56 10.0/RPMS/mailman-2.1.4-2.1.100mdk.i586.rpm 982a417f19324d496524c5ed2c970cb8 10.0/SRPMS/mailman-2.1.4-2.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 9113b0197b00ebc71c617876bf5cb070 amd64/10.0/RPMS/mailman-2.1.4-2.1.100mdk.amd64.rpm 982a417f19324d496524c5ed2c970cb8 amd64/10.0/SRPMS/mailman-2.1.4-2.1.100mdk.src.rpm Mandrakelinux 9.2: 173edae7feeebe6830154148ff7edc9a 9.2/RPMS/mailman-2.1.2-9.4.92mdk.i586.rpm 05b5f64a88d3aac6c52dae2360659845 9.2/SRPMS/mailman-2.1.2-9.4.92mdk.src.rpm Mandrakelinux 9.2/AMD64: 75f104ecd6bc2152c69e19bfddf38d13 amd64/9.2/RPMS/mailman-2.1.2-9.4.92mdk.amd64.rpm 05b5f64a88d3aac6c52dae2360659845 amd64/9.2/SRPMS/mailman-2.1.2-9.4.92mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFAtTevmqjQ0CJFipgRAmPSAJ9VCnxPw2XXc/VxbOBwwEqzLWkSrwCcDtSa +FLLvwDHJk1Uy7dyMsTTvDU= =3jHe -----END PGP SIGNATURE-----
Powered by blists - more mailing lists