Red Hat Bugzilla – Bug 205652
CVE-2006-4624 mailman logfile CRLF injection
Last modified: 2007-11-30 17:11:42 EST
mailman logfile CRLF injection
Text taken from MITRE:
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1
allows remote attackers to spoof messages in the error log and
possibly trick the administrator into visiting malicious URLs via a
carriage return/line feed sequences in the URI.
The fix for this issue is here:
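As an added illustration of the bug class described above (example code written for this page, not Mailman's Utils.py and not the referenced fix), the following reconstructs the problem and its remedy: a logger that writes an attacker-controlled request path verbatim into an error log, the same logger with CR/LF and other control characters escaped, and two checks a practitioner would want, one on the input side and one on the resulting log text. The entry format ("<time> (<pid>) Bad URL: ..."), the fixed timestamp, the constructed attacker path and all function names are assumptions for the example; the point that survives regardless of format is that one request must never be able to produce more than one log entry.

```python
"""Reconstruction of a CRLF-into-logfile injection (example only, not Mailman's code)."""
import re
from urllib.parse import unquote

TS = "Sep 01 2006 12:00:00"          # fixed timestamp so the example is deterministic
LOG_PREFIX = f"{TS} (1234) "          # assumed "<time> (<pid>) " entry prefix, not Mailman's real format

# Constructed attacker input: a percent-encoded CR LF followed by a forged log entry
# that invites the administrator to visit an attacker-chosen URL.
RAW_PATH_INFO = ("/listinfo/foo%0d%0a"
                 "Sep 01 2006 12:00:01 (1234) admin: re-validate list at http://attacker.example/admin")
PATH_INFO = unquote(RAW_PATH_INFO)   # assumed: the CGI gateway hands the script the decoded path


def log_vulnerable(uri: str, prefix: str = LOG_PREFIX) -> str:
    """Vulnerable pattern: the attacker-controlled URI is written verbatim."""
    return f"{prefix}Bad URL: {uri}\n"


def escape_control(s: str) -> str:
    """Neutralize CR, LF and every other C0/DEL control character so the URI
    cannot terminate the entry early or start a new one."""
    out = []
    for ch in s:
        if ch == "\r":
            out.append("\\r")
        elif ch == "\n":
            out.append("\\n")
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(ch)
    return "".join(out)


def log_hardened(uri: str, prefix: str = LOG_PREFIX) -> str:
    """Fixed pattern: same entry, but the URI is escaped before it reaches the log."""
    return f"{prefix}Bad URL: {escape_control(uri)}\n"


def entries(log_text: str) -> list:
    """Split log text into the entries an administrator would see (one per line)."""
    return [line for line in log_text.splitlines() if line]


def looks_like_entry(line: str) -> bool:
    """True if a line carries the assumed '<Mon DD YYYY HH:MM:SS> (<pid>) ' prefix,
    i.e. would pass for a genuine entry when an administrator reads the log."""
    return re.match(r"^[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2} \(\d+\) ", line) is not None


def has_crlf(uri: str) -> bool:
    """Input-side check: flag a URI that still carries CR or LF after decoding."""
    return "\r" in uri or "\n" in uri


if __name__ == "__main__":
    for name, fn in (("vulnerable", log_vulnerable), ("hardened", log_hardened)):
        lines = entries(fn(PATH_INFO))
        print(f"{name}: {len(lines)} log entr{'y' if len(lines) == 1 else 'ies'} from one request")
        for line in lines:
            flag = "  <- reads as a genuine entry" if looks_like_entry(line) else ""
            print("   ", repr(line), flag)
```

Run as a script, the vulnerable logger turns the single crafted request into two entries, and the forged second one is indistinguishable by format from a real entry, which is exactly what lets it carry a plausible-looking URL to the administrator; the hardened logger produces one entry in which the injected CR LF is visible as the literal text `\r\n`. Escaping is preferable to silently stripping the characters, because the escaped entry also records that someone tried the attack.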
Bug #206607 also lists these two additional CVEs: CVE-2006-3636 CVE-2006-2941.
The solution for FC6Test3 was to upgrade to mailman 2.1.9. Any plans to do
likewise for this bug as well?
Those issues bring the current FC5 mailman to a security impact of "moderate,"
The version 2.1.9 is available in FC-5 updates.