Advisories » MGASA-2015-0205

Updated mailman packages fix security vulnerabilities

Publication date: 11 May 2015
Modification date: 11 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2775

Description

Updated mailman packages fix security vulnerability:

A path traversal vulnerability was discovered in Mailman. Installations using
a transport script (such as postfix-to-mailman.py) to interface with their
MTA instead of static aliases were vulnerable to a path traversal attack. To
successfully exploit this, an attacker needs write access on the local file
system (CVE-2015-2775).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15648
• https://www.debian.org/security/2015/dsa-3214
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2775

SRPMS

4/core

• mailman-2.1.20-1.1.mga4