Vulnerabilities > CVE-2005-4153 - Denial Of Service vulnerability in GNU Mailman 2.1.4/2.1.5/2.1.6

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
gnu
nessus

Summary

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.

Vulnerable Configurations

Part Description Count
Application
Gnu
3

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-242-1.NASL
    descriptionAliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. (CVE-2005-3573) Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash. (CVE-2005-4153). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20789
    published2006-01-21
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20789
    titleUbuntu 4.10 / 5.04 / 5.10 : mailman vulnerabilities (USN-242-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-242-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20789);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2005-3573", "CVE-2005-4153");
      script_xref(name:"USN", value:"242-1");
    
      script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : mailman vulnerabilities (USN-242-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Aliet Santiesteban Sifontes discovered a remote Denial of Service
    vulnerability in the attachment handler. An email with an attachment
    whose filename contained invalid UTF-8 characters caused mailman to
    crash. (CVE-2005-3573)
    
    Mailman did not sufficiently verify the validity of email dates. Very
    large numbers in dates caused mailman to crash. (CVE-2005-4153).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mailman package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mailman");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"mailman", pkgver:"2.1.5-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mailman", pkgver:"2.1.5-7ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"mailman", pkgver:"2.1.5-8ubuntu2.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0204.NASL
    descriptionAn updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21034
    published2006-03-08
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21034
    titleRHEL 3 / 4 : mailman (RHSA-2006:0204)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0204. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21034);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-3573", "CVE-2005-4153");
      script_xref(name:"RHSA", value:"2006:0204");
    
      script_name(english:"RHEL 3 / 4 : mailman (RHSA-2006:0204)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated mailman package that fixes two security issues is now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Mailman is software to help manage email discussion lists.
    
    A flaw in handling of UTF8 character encodings was found in Mailman.
    An attacker could send a carefully crafted email message to a mailing
    list run by Mailman which would cause that particular mailing list to
    stop working. The Common Vulnerabilities and Exposures project
    assigned the name CVE-2005-3573 to this issue.
    
    A flaw in date handling was found in Mailman version 2.1.4 through
    2.1.6. An attacker could send a carefully crafted email message to a
    mailing list run by Mailman which would cause the Mailman server to
    crash. (CVE-2005-4153).
    
    Users of Mailman should upgrade to this updated package, which
    contains backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-4153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0204"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mailman package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mailman");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/03/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/03/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0204";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"mailman-2.1.5.1-25.rhel3.4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"mailman-2.1.5.1-34.rhel4.2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0204.NASL
    descriptionAn updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21892
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21892
    titleCentOS 3 / 4 : mailman (CESA-2006:0204)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0204 and 
    # CentOS Errata and Security Advisory 2006:0204 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21892);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2005-3573", "CVE-2005-4153");
      script_xref(name:"RHSA", value:"2006:0204");
    
      script_name(english:"CentOS 3 / 4 : mailman (CESA-2006:0204)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated mailman package that fixes two security issues is now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Mailman is software to help manage email discussion lists.
    
    A flaw in handling of UTF8 character encodings was found in Mailman.
    An attacker could send a carefully crafted email message to a mailing
    list run by Mailman which would cause that particular mailing list to
    stop working. The Common Vulnerabilities and Exposures project
    assigned the name CVE-2005-3573 to this issue.
    
    A flaw in date handling was found in Mailman version 2.1.4 through
    2.1.6. An attacker could send a carefully crafted email message to a
    mailing list run by Mailman which would cause the Mailman server to
    crash. (CVE-2005-4153).
    
    Users of Mailman should upgrade to this updated package, which
    contains backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-March/012697.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e739d5f1"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-March/012698.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1b7a11a7"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-March/012699.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?38ec0f87"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-March/012701.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b61e4fc9"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-March/012727.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1f99b75e"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-March/012734.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9277b2f1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mailman package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mailman");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/03/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"mailman-2.1.5.1-25.rhel3.4")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"mailman-2.1.5.1-34.rhel4.2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-222.NASL
    descriptionScrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573) In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message. The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code. Updated packages are patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20453
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20453
    titleMandrake Linux Security Advisory : mailman (MDKSA-2005:222)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-955.NASL
    descriptionTwo denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash. The old stable distribution (woody) is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22821
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22821
    titleDebian DSA-955-1 : mailman - DoS

Oval

accepted2013-04-29T04:07:31.173-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
familyunix
idoval:org.mitre.oval:def:10660
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
version26

Redhat

advisories
bugzilla
id176089
titleCVE-2005-4153 Mailman DOS
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • commentmailman is earlier than 3:2.1.5.1-34.rhel4.2
      ovaloval:com.redhat.rhsa:tst:20060204001
    • commentmailman is signed with Red Hat master key
      ovaloval:com.redhat.rhsa:tst:20060204002
rhsa
idRHSA-2006:0204
released2006-03-07
severityModerate
titleRHSA-2006:0204: mailman security update (Moderate)
rpms
  • mailman-3:2.1.5.1-25.rhel3.4
  • mailman-3:2.1.5.1-34.rhel4.2
  • mailman-debuginfo-3:2.1.5.1-25.rhel3.4
  • mailman-debuginfo-3:2.1.5.1-34.rhel4.2