| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Apr 2006 17:44:00 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-267-1] mailman vulnerability
===========================================================
Ubuntu Security Notice USN-267-1 April 03, 2006
mailman vulnerability
CVE-2006-0052
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
mailman
The problem can be corrected by upgrading the affected package to
version 2.1.5-1ubuntu2.7 (for Ubuntu 4.10), 2.1.5-7ubuntu0.2 (for
Ubuntu 5.04), or 2.1.5-8ubuntu2.2 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
A remote Denial of Service vulnerability was discovered in the decoder
for multipart messages. Certain parts of type "message/delivery-status"
or parts containing only two blank lines triggered an exception. An
attacker could exploit this to crash Mailman by sending a
specially crafted email to a mailing list.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.6.diff.gz
Size/MD5: 129586 afe3458984e5e9f5a1f5eef989ec932f
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.6.dsc
Size/MD5: 660 e887a2ea8fe445c7a720b6efe35a0333
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7.diff.gz
Size/MD5: 129614 bc0129f6097c462550616bf2012151ed
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7.dsc
Size/MD5: 660 73d398cee1d4f72d16fdc607761f3952
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5: 5745912 f5f56f04747cd4aff67427e7a45631af
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_amd64.deb
Size/MD5: 6603204 89a5954c4d69d589fcc280fa679862ae
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_i386.deb
Size/MD5: 6602668 572982592e4ea951fa367e24ca26029e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_powerpc.deb
Size/MD5: 6611506 03f02dc979a621210890c65883cd3de3
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2.diff.gz
Size/MD5: 119058 27d1ada429ee666c2489949170bdf65a
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2.dsc
Size/MD5: 669 93aa134f2487e3838eb69ffaa0dee04b
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5: 5745912 f5f56f04747cd4aff67427e7a45631af
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_amd64.deb
Size/MD5: 6610074 75cd10d540dc50b67b8f271437b92d66
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_i386.deb
Size/MD5: 6609684 79ef59939b698b6902d0bd126d5c9808
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_powerpc.deb
Size/MD5: 6616868 e36b0f214f7b491a1e7a5093ed5d3f36
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2.diff.gz
Size/MD5: 194734 ef52a2cdbb5d128114b3d061aa63250d
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2.dsc
Size/MD5: 626 6f3372cd870c7235cb7ec40028d22a21
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5: 5745912 f5f56f04747cd4aff67427e7a45631af
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_amd64.deb
Size/MD5: 6610676 96266ffd29b1de32c4cd8ed2bf3c071b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_i386.deb
Size/MD5: 6609910 49207c94cd3d28ffc282bbbee2f03f4c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_powerpc.deb
Size/MD5: 6617252 f6e0441bbc47f0b3648ce040b90d4f29
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists