
Ubuntu Security Notice USN-1069-1
Posted Feb 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1069-1 - It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2010-3089, CVE-2011-0707
SHA-256 | fdba9a23075e131a564baf3270fe1ab05ec54aef3f93be54371d55937b4d212a

===========================================================
Ubuntu Security Notice USN-1069-1 February 22, 2011
mailman vulnerabilities
CVE-2010-3089, CVE-2011-0707
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mailman 2.1.5-9ubuntu4.4

Ubuntu 8.04 LTS:
mailman 1:2.1.9-9ubuntu1.4

Ubuntu 9.10:
mailman 1:2.1.12-2ubuntu0.2

Ubuntu 10.04 LTS:
mailman 1:2.1.13-1ubuntu0.2

Ubuntu 10.10:
mailman 1:2.1.13-4ubuntu0.2

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Mailman did not properly sanitize certain fields,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.4.diff.gz
Size/MD5: 233552 f863a1a24aa3b324374c5ef6c73d40e8
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.4.dsc
Size/MD5: 1275 5c7aff5e4724b0f37e73165c57174819
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5: 5745912 f5f56f04747cd4aff67427e7a45631af

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.4_amd64.deb
Size/MD5: 6613272 9f61121b704896caa6ed77d0ecf3bb3e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.4_i386.deb
Size/MD5: 6612918 e0ee85728d3349f90fbf36b0cb3ef078

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.4_powerpc.deb
Size/MD5: 6621704 92138c75ca590f02763727761e041db5

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-9ubuntu4.4_sparc.deb
Size/MD5: 6620798 70a0a6a54efd9bc2b4904e06949dcbce

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-9ubuntu1.4.diff.gz
Size/MD5: 158439 e5ed6d3259079e68a5ee38fdd47a907d
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-9ubuntu1.4.dsc
Size/MD5: 1669 610063181cf5ee4314d2df4af31c62c5
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9.orig.tar.gz
Size/MD5: 7829201 dd51472470f9eafb04f64da372444835

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-9ubuntu1.4_amd64.deb
Size/MD5: 8671516 3072aa6019cc442661eff312f628ccbb

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.9-9ubuntu1.4_i386.deb
Size/MD5: 8640154 beb8264b8e628f15d359c4b65f3baf85

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.9-9ubuntu1.4_lpia.deb
Size/MD5: 8611876 f8082dcf4989f1c7052cd54bfb5630cf

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.9-9ubuntu1.4_powerpc.deb
Size/MD5: 8628114 04879eedca47927978251e607955b30b

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.9-9ubuntu1.4_sparc.deb
Size/MD5: 8626834 b6f986a944335509cd9c0281f88a88b8

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2.diff.gz
Size/MD5: 129415 ee767ed05a51dc926f2402f9c5592cea
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2.dsc
Size/MD5: 2078 5fd10464412a48d0875610cd9e0c2a19
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.12.orig.tar.gz
Size/MD5: 8010027 d565a6d2d0ec6d2dd6936a81e1c1ca86

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2_amd64.deb
Size/MD5: 9393936 5acbe839045cf9b33948958dd69dbdc8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2_i386.deb
Size/MD5: 9363122 64ffecf8d9adfd4f3ca01b7d9428db49

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2_armel.deb
Size/MD5: 9407048 144a873bb812fc837b10079379639f1c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2_lpia.deb
Size/MD5: 9356806 f53911a575b7f06f60ac158de5224acd

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2_powerpc.deb
Size/MD5: 9373174 ef27d5c97911d7e64ed7574dc86c5a6a

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.12-2ubuntu0.2_sparc.deb
Size/MD5: 9372306 67fb68e61b9d698fd9ebc6e74ce6e4cd

Updated packages for Ubuntu 10.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-1ubuntu0.2.diff.gz
Size/MD5: 134303 2229842594cc9fc00db4f0633316abfc
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-1ubuntu0.2.dsc
Size/MD5: 2078 c330e0f5c5ca37e2fc3d7dfdaf9da0d2
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13.orig.tar.gz
Size/MD5: 8166504 3235323ccb3e0135c10b7c66a440390b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-1ubuntu0.2_amd64.deb
Size/MD5: 9677028 a4793a40c0ffe113a154bae5f7d9cd75

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-1ubuntu0.2_i386.deb
Size/MD5: 9641550 8ad8a21ee56150ff069d5e5197a1e7c0

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.13-1ubuntu0.2_armel.deb
Size/MD5: 9619320 517d2559597c601573bdd628a093870d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.13-1ubuntu0.2_powerpc.deb
Size/MD5: 9651904 d8bc1bf9b54dab78380bb6a073b44328

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.13-1ubuntu0.2_sparc.deb
Size/MD5: 9650100 1433d2eb4465077fbad862ef98ee1860

Updated packages for Ubuntu 10.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-4ubuntu0.2.debian.tar.gz
Size/MD5: 109828 933f9ecfe7c2672da7b724ac541e2038
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-4ubuntu0.2.dsc
Size/MD5: 2097 3378c8f3bd8cb0e0b5ca9b8c63557a53
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13.orig.tar.gz
Size/MD5: 8166504 3235323ccb3e0135c10b7c66a440390b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-4ubuntu0.2_amd64.deb
Size/MD5: 9648452 b9bc35f67ec1f3db9efa1d2f61760ca8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.13-4ubuntu0.2_i386.deb
Size/MD5: 9645592 108df9f1b5147b5be4745f5657215f0d

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.13-4ubuntu0.2_armel.deb
Size/MD5: 9635070 6c94be0d85698bcd3d17c4d506402ddd

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/m/mailman/mailman_2.1.13-4ubuntu0.2_powerpc.deb
Size/MD5: 9653076 75733af85973ae42ae96926cf17ad4d0


