News

=========================================================== Ubuntu Security Notice USN-267-1 April 03, 2006 mailman vulnerability CVE-2006-0052 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: mailman The problem can be corrected by upgrading the affected package to version 2.1.5-1ubuntu2.7 (for Ubuntu 4.10), 2.1.5-7ubuntu0.2 (for Ubuntu 5.04), or 2.1.5-8ubuntu2.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A remote Denial of Service vulnerability was discovered in the decoder for multipart messages. Certain parts of type "message/delivery-status" or parts containing only two blank lines triggered an exception. An attacker could exploit this to crash Mailman by sending a specially crafted email to a mailing list.