Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-267-1] mailman vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Mon, 3 Apr 2006 17:44:00 +0200

===========================================================
Ubuntu Security Notice USN-267-1             April 03, 2006
mailman vulnerability
CVE-2006-0052
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mailman

The problem can be corrected by upgrading the affected package to
version 2.1.5-1ubuntu2.7 (for Ubuntu 4.10), 2.1.5-7ubuntu0.2 (for
Ubuntu 5.04), or 2.1.5-8ubuntu2.2 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability was discovered in the decoder
for multipart messages. Certain parts of type "message/delivery-status"
or parts containing only two blank lines triggered an exception. An
attacker could exploit this to crash Mailman by sending a
specially crafted email to a mailing list.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.6.diff.gz
      Size/MD5:   129586 afe3458984e5e9f5a1f5eef989ec932f
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.6.dsc
      Size/MD5:      660 e887a2ea8fe445c7a720b6efe35a0333
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7.diff.gz
      Size/MD5:   129614 bc0129f6097c462550616bf2012151ed
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7.dsc
      Size/MD5:      660 73d398cee1d4f72d16fdc607761f3952
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_amd64.deb
      Size/MD5:  6603204 89a5954c4d69d589fcc280fa679862ae

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_i386.deb
      Size/MD5:  6602668 572982592e4ea951fa367e24ca26029e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.7_powerpc.deb
      Size/MD5:  6611506 03f02dc979a621210890c65883cd3de3

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2.diff.gz
      Size/MD5:   119058 27d1ada429ee666c2489949170bdf65a
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2.dsc
      Size/MD5:      669 93aa134f2487e3838eb69ffaa0dee04b
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_amd64.deb
      Size/MD5:  6610074 75cd10d540dc50b67b8f271437b92d66

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_i386.deb
      Size/MD5:  6609684 79ef59939b698b6902d0bd126d5c9808

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.2_powerpc.deb
      Size/MD5:  6616868 e36b0f214f7b491a1e7a5093ed5d3f36

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2.diff.gz
      Size/MD5:   194734 ef52a2cdbb5d128114b3d061aa63250d
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2.dsc
      Size/MD5:      626 6f3372cd870c7235cb7ec40028d22a21
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_amd64.deb
      Size/MD5:  6610676 96266ffd29b1de32c4cd8ed2bf3c071b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_i386.deb
      Size/MD5:  6609910 49207c94cd3d28ffc282bbbee2f03f4c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.2_powerpc.deb
      Size/MD5:  6617252 f6e0441bbc47f0b3648ce040b90d4f29

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-267-1] mailman vulnerability Martin Pitt (Apr 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]