Critical Vulnerability Information

Vulnerability Details:
- A security vulnerability has been discovered in Mailman and has been fixed.
- The vulnerability has been assigned CVE-2015-2775.
- Further details and remediation steps will be released on March 31, 2015, along with a patch for this specific vulnerability and the Mailman 2.1.20 release.
- For more information on the vulnerability report, see: https://launchpad.net/bugs/1437145

Conditions for Vulnerability Impact:
1. Email list messages are delivered from the MTA to Mailman using a programmatic method rather than a fixed alias. This includes Exim using the recommended transport, Postfix using the postfix_to_mailman.py transport, and qmail using the qmail-to-mailman.py transport.
2. Unauthorized users are able to create files on the Mailman server that Mailman can access. These files may be located in user home directories, /tmp, or any directory reachable via similar path traversal, such as .

Most at-Risk Installation Types:
Primarily installations on hosting services using cPanel that allow unauthorized users. Beyond this, most sites are likely unaffected.

Remediation Steps:
- The vulnerability is fixed by applying the patch included in the attached file. This patch applies to any Mailman 2.1.x version that does not yet have it.
- If your Mailman version is 2.1.11 or higher, simply apply the patch to Mailman/Utils.py and restart Mailman.
- For versions prior to 2.1.11, the mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS setting referenced in the patch does not exist, so you must also add the following:
  to either Defaults.py or mm_cfg.py, then restart Mailman.
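The two conditions above combine when a list name taken from the MTA transport is used to build a filesystem path. The following is an added illustration of the defensive pattern the fix describes (restricting acceptable list name characters and refusing names that escape the list data directory); it is not the Mailman patch itself, and the character class, directory and function names are assumptions for the example.

```python
import os
import re

# Assumed value: the advisory names mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS but
# does not show its contents; this character class is an illustrative stand-in.
ACCEPTABLE_LISTNAME_CHARACTERS = r'[-+_.=a-z0-9]'
_LISTNAME_RE = re.compile(r'^%s+$' % ACCEPTABLE_LISTNAME_CHARACTERS)

# Constructed sample directory standing in for Mailman's list data directory.
LIST_DATA_DIR = '/var/lib/mailman/lists'


def listname_is_acceptable(name):
    """Return True only if every character of the list name is allowed.

    A programmatic MTA transport hands Mailman whatever local-part the sender
    used, so the name must be validated before it is turned into a path.
    """
    return bool(name) and _LISTNAME_RE.match(name.lower()) is not None


def list_config_path(name):
    """Build the path to a list's config.pck, raising ValueError for any name
    that fails the character check or would resolve outside LIST_DATA_DIR."""
    if not listname_is_acceptable(name):
        raise ValueError('unacceptable list name: %r' % name)
    candidate = os.path.normpath(os.path.join(LIST_DATA_DIR, name, 'config.pck'))
    # Defence in depth: the character class above still admits '.', so a name
    # such as '..' passes it; the resolved path must stay inside the data dir.
    if not candidate.startswith(LIST_DATA_DIR + os.sep):
        raise ValueError('list name escapes data dir: %r' % name)
    return candidate


def resolves_safely(name):
    """Convenience wrapper: True if the name yields a path inside the data dir."""
    try:
        list_config_path(name)
        return True
    except ValueError:
        return False
```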