Ranjivost programskog paketa mailman

Preporuke

by ncert - 4. svibnja 2015.4. svibnja 2015.0

Detalji os-a: FED
Važnost: IMP
Operativni sustavi: L
Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-5216
2015-04-01 21:09:35
——————————————————————————–

Name : mailman
Product : Fedora 21
Version : 2.1.20
Release : 1.fc21
URL : http://www.list.org/
Summary : Mailing list manager with built in Web access
Description :
Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
<-> news gateways, and so on.

Documentation can be found in: /usr/share/doc/mailman

When the package has finished installing, you will need to perform some
additional installation steps, these are described in:
/usr/share/doc/mailman/INSTALL.REDHAT

——————————————————————————–
Update Information:

Update to new version 2.1.20.
Fix dependency on python-dns.
——————————————————————————–
ChangeLog:

* Wed Apr 1 2015 Jan Kaluza <jkaluza@redhat.com> – 3:2.1.20-1
– update to new upstream versino 2.1.20 (#1207900)
* Mon Mar 2 2015 Jan Kaluza <jkaluza@redhat.com> – 3:2.1.19-1
– update to new upstream version 2.1.19 (#1187894)
* Tue Feb 17 2015 Jan Kaluza <jkaluza@redhat.com> – 3:2.1.18.1-4
– require python-dns
——————————————————————————–
References:

[ 1 ] Bug #1208059 – CVE-2015-2775 mailman: directory traversal in MTA transports that deliver programmatically
https://bugzilla.redhat.com/show_bug.cgi?id=1208059
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mailman’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Autor	Tomislav Protega
Cert id	NCERT-REF-2015-05-0017-ADV
Cve	CVE-2015-2775
ID izvornika	FEDORA-2015-5216
Proizvod	mailman
Izvor	http://www.redhat.com

Ranjivost programskog paketa mailman

Archives

More in Preporuke

Sigurnosni nedostaci programskog paketa curl