News

=========================================================== Ubuntu Security Notice USN-242-1 January 16, 2006 mailman vulnerabilities CVE-2005-3573, CVE-2005-4153 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: mailman The problem can be corrected by upgrading the affected package to version 2.1.5-1ubuntu2.5 (for Ubuntu 4.10), 2.1.5-7ubuntu0.1 (for Ubuntu 5.04), or 2.1.5-8ubuntu2.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Aliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. (CVE-2005-3573) Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash. (CVE-2005-4153)