GLSA-200502-11 : Mailman: Directory traversal vulnerability
Medium Nessus Plugin ID 16448
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200502-11 (Mailman: Directory traversal vulnerability).
Mailman contains an error in private.py which fails to properly sanitize input paths.
An attacker could exploit this flaw to obtain arbitrary files on the web server.
There is no known workaround at this time.
Solution
All Mailman users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/mailman-2.1.5-r4'