 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.882206 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for mailman CESA-2015:1153 centos7 |
| Summary: | Check the version of mailman |
| Description: | Summary: Check the version of mailman Vulnerability Insight: Mailman is a program used to help manage email discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. (CVE-2015-2775) This update also fixes the following bugs: * Previously, it was impossible to configure Mailman in a way that Domain-based Message Authentication, Reporting & Conformance (DMARC) would recognize Sender alignment for Domain Key Identified Mail (DKIM) signatures. Consequently, Mailman list subscribers that belonged to a mail server with a 'reject' policy for DMARC, such as yahoo.com or AOL.com, were unable to receive Mailman forwarded messages from senders residing in any domain that provided DKIM signatures. With this update, domains with a 'reject' DMARC policy are recognized correctly, and Mailman list administrators are able to configure the way these messages are handled. As a result, after a proper configuration, subscribers now correctly receive Mailman forwarded messages in this scenario. (BZ#1229288) * Previously, the /etc/mailman file had incorrectly set permissions, which in some cases caused removing Mailman lists to fail with a ''NoneType' object has no attribute 'close'' message. With this update, the permissions value for /etc/mailman is correctly set to 2775 instead of 0755, and removing Mailman lists now works as expected. (BZ#1229307) * Prior to this update, the mailman utility incorrectly installed the tmpfiles configuration in the /etc/tmpfiles.d/ directory. As a consequence, changes made to mailman tmpfiles configuration were overwritten if the mailman packages were reinstalled or updated. The mailman utility now installs the tmpfiles configuration in the /usr/lib/tmpfiles.d/ directory, and changes made to them by the user are preserved on reinstall or update. (BZ#1229306) All mailman users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: mailman on CentOS 7 Solution: Please install the updated packages. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2775 BugTraq ID: 73922 http://www.securityfocus.com/bid/73922 Debian Security Information: DSA-3214 (Google Search) http://www.debian.org/security/2015/dsa-3214 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html RedHat Security Advisories: RHSA-2015:1153 http://rhn.redhat.com/errata/RHSA-2015-1153.html RedHat Security Advisories: RHSA-2015:1417 http://rhn.redhat.com/errata/RHSA-2015-1417.html http://www.securitytracker.com/id/1032033 http://www.ubuntu.com/usn/USN-2558-1 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |