Solution
Please Install the Updated Packages.
Insight
Mailman is a program used to help manage email discussion lists.
Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)
Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's "
listinfo"
page. (CVE-2008-0564, CVE-2010-3089)
Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and CVE-2010-3089 issues.
Users of mailman should upgrade to this updated package, which contains backported patches to correct these issues.
Affected
mailman on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-0564, CVE-2010-3089, CVE-2011-0707 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities