
Test ID: 1.3.6.1.4.1.25623.1.0.59313
Category: Fedora Local Security Checks
Title: Fedora Core 4 FEDORA-2006-534 (mailman)
Summary: NOSUMMARY
Description:

The remote host is missing an update to mailman
announced via advisory FEDORA-2006-534.

Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
news gateways, and so on.

Documentation can be found in: /usr/share/doc/mailman-2.1.8

When the package has finished installing, you will need to perform some
additional installation steps. These are described in:
/usr/share/doc/mailman-2.1.8/INSTALL.REDHAT

Update Information:

- version 2.1.8 fixes various security issues
* Mon May 8 2006 Harald Hoyer - 3:2.1.8-0.FC4.1
- version 2.1.8
* Fri Feb 10 2006 Jesse Keating - 3:2.1.7-1.2
- bump again for double-long bug on ppc(64)
* Tue Feb 7 2006 Jesse Keating - 3:2.1.7-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Tue Jan 10 2006 Harald Hoyer - 3:2.1.7-1
- version 2.1.7
* Fri Dec 16 2005 Jesse Keating
- rebuilt for new gcj
* Wed Dec 14 2005 Harald Hoyer - 3:2.1.5-36.fc4.1
- fix for bug #173139 (CVE-2005-3573 Mailman Denial of Service)
* Fri Dec 9 2005 Jesse Keating
- rebuilt
* Thu Nov 10 2005 Harald Hoyer - 3:2.1.6-2
- added help to the initscript (bug #162724)
* Wed Jun 8 2005 John Dennis - 3:2.1.6-1.fc4
- initial port of 2.1.6
remove mailman-2.1.5-moderator-request.patch, present in new release
remove mailman-2.1-CAN-2005-0202.patch, present in new release
remove mailman-2.1-CAN-2004-1177.patch, present in new release
* Thu Apr 28 2005 John Dennis - 3:2.1.5-36.fc4
- fix bug #156159 insecure location of restart flag file

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-534

Risk factor : Medium

CVSS Score: 5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3573
BugTraq ID: 15408
http://www.securityfocus.com/bid/15408
Debian Security Information: DSA-955
http://www.debian.org/security/2006/dsa-955
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
http://www.osvdb.org/20819
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038
http://www.redhat.com/support/errata/RHSA-2006-0204.html
http://securitytracker.com/id?1015735
http://secunia.com/advisories/17511
http://secunia.com/advisories/17874
http://secunia.com/advisories/18456
http://secunia.com/advisories/18503
http://secunia.com/advisories/18612
http://secunia.com/advisories/19167
http://secunia.com/advisories/19196
http://secunia.com/advisories/19532
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
SuSE Security Announcement: SUSE-SR:2006:001
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html
http://www.trustix.org/errata/2006/0012/
http://www.ubuntu.com/usn/usn-242-1
http://www.vupen.com/english/advisories/2005/2404
XForce ISS Database: mailman-utf8-scrubber-dos(23139)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23139
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
