Fedora Core 2 : mailman-2.1.5-7 (2004-168)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Fixes security issue CVE-2004-0412 noted in bug
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559 Mailman
subscriber passwords could be retrieved by a remote attacker. Security
hole is fixed in mailman-2.1.5 Important Installation Note: Some users
have reported problems with bad queue counts after upgrading to
version 2.1.5, the operating assumption is this was caused by
performing an install while mailman was running. Prior to installing
this rpm stop the mailman service via: % /sbin/service mailman stop
Then after installation completes restart the service via: %
/sbin/service mailman start Red Hat RPM versions of mailman 2.1.5-6
and above have enhanced the init.d script that controls the mailman
service so that '/sbin/service mailman status' now returns valid
information. The RPM has been augmented to detect if mailman is
running prior to installation and if so it will temporarily stop
mailman during the install and restart mailman after the install
completes. If mailman was not running the RPM will not start mailman
after installation. Since the RPM depends on service status working
the installed version of mailman you are replacing must be at least
2.1.5-6 for the automatic pausing of mailman during installation to
work. This also means since this is the first RPM with this feature
you will need to manually pause mailman during installation, future
upgrades should be automatic.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :


Solution :

Update the affected mailman and / or mailman-debuginfo packages.

Risk factor :


Family: Fedora Local Security Checks

Nessus Plugin ID: 13722 (fedora_2004-168.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now