|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA674] DSA-674-3 mailman Vulnerability Assessment Details
|
[DSA674] DSA-674-3 mailman |
||
DSA-674-3 mailman Detailed Explanation for this Vulnerability Assessment Due to an incompatibility between Python 1.5 and 2.1 the last mailman update did not run with Python 1.5 anymore. This problem is corrected with this update. This advisory only updates the packages updated with DSA 674-2. The version in unstable is not affected since it is not supposed to work with Python 1.5 anymore. For completeness below is the original advisory text: Two security related problems have been discovered in mailman, web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems: Florian Weimer discovered a cross-site scripting vulnerability in mailman's automatically generated error messages. A possible hacker could craft an URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page that would include the malicious code verbatim. Several listmasters have noticed unauthorised access to archives of private lists and the list configuration itself, including the users passwords. Administrators are advised to check the webserver logfiles for requests that contain "/...../" and the path to the archives or configuration. This does only seem to affect installations running on web servers that do not strip slashes, such as Apache 1.3. For the stable distribution (woody) these problems have been fixed in version 2.0.11-1woody11. For the unstable distribution (sid) these problems have been fixed in version 2.1.5-6. We recommend that you upgrade your mailman package. Solution : http://www.debian.org/security/2005/dsa-674 Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi |
||
Cables, Connectors |
Bare S100 CPU Replacement for ALTAIR 8800 IMSAI 8080 JAIR Single Board Computer
$42.00
MITS ALTAIR 8800 Original Vintage Microcomputer
$6000.00
MITS Altair 8800 Computer Bamboo Reproduction Arduino Tested Working Assembled
$649.99
MITS ALTAIR 8800 Original Vintage Microcomputer S-100 Buy It Now $5999
$5999.00
1974 Early Microcomputers by MITS Altair 8800's Ed Roberts HP-9810 Mark-8 Scelbi
$55.00
MITS ALTAIR 8800 Original Vintage Microcomputer with 14 boards - Buy It Now
$9500.00
Altair MITS 8800 CPU Card 8080A S-100 S100 replica IMSAI CP/M
$35.00
$22.50
Build S-100 Bus Computer Peripherals Altair 8800 IMSAI 8080 Disk I/O Graphics
$59.99
VINTAGE DEC 1975 VOL 1 ISSUE 1 SCCS INTERFACE MAGAZINE MITS ALTAIR COVER & ADS
$359.99
|
||
No Discussions have been posted on this vulnerability. |