[SECURITY] [DSA 3214-1] mailman security update

2015-04-0617:13:14

lists.debian.org

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

5.5

Confidence

Low

EPSS

0.031

Percentile

91.0%

JSON

Debian Security Advisory DSA-3214-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
April 06, 2015 http://www.debian.org/security/faq

Package : mailman
CVE ID : CVE-2015-2775
Debian Bug : 781626

A path traversal vulnerability was discovered in Mailman, the mailing
list manager. Installations using a transport script (such as
postfix-to-mailman.py) to interface with their MTA instead of static
aliases were vulnerable to a path traversal attack. To successfully
exploit this, an attacker needs write access on the local file system.

For the stable distribution (wheezy), this problem has been fixed in
version 1:2.1.15-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.1.18-2.

We recommend that you upgrade your mailman packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7i386mailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_i386.deb
Debian7mipsmailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_mips.deb
Debian7s390mailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_s390.deb
Debian7s390xmailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_s390x.deb
Debian7allmailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_all.deb
Debian6allmailman< 1:2.1.13-6mailman_1:2.1.13-6_all.deb
Debian7mipselmailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_mipsel.deb
Debian7sparcmailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_sparc.deb
Debian7ia64mailman< 1:2.1.15-1+deb7u1mailman_1:2.1.15-1+deb7u1_ia64.deb
Debian6i386mailman< 1:2.1.13-6mailman_1:2.1.13-6_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	i386	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_i386.deb
Debian	7	mips	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_mips.deb
Debian	7	s390	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_s390.deb
Debian	7	s390x	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_s390x.deb
Debian	7	all	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_all.deb
Debian	6	all	mailman	< 1:2.1.13-6	mailman_1:2.1.13-6_all.deb
Debian	7	mipsel	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_mipsel.deb
Debian	7	sparc	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_sparc.deb
Debian	7	ia64	mailman	< 1:2.1.15-1+deb7u1	mailman_1:2.1.15-1+deb7u1_ia64.deb
Debian	6	i386	mailman	< 1:2.1.13-6	mailman_1:2.1.13-6_i386.deb