Ubuntu 12.04 LTS and Ubuntu 14.04 LTS were also affected

Apr 8, 2015 16:09 GMT

Canonical has published a security notice with details about a Mailman vulnerability that was found and fixed in Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.

The Ubuntu maintainers have revealed that Mailman could have been made to run programs if it processed a specially crafted list name, but that issue has been corrected. As usual, users have been advised to upgrade their operating systems in order to correct the problem.

"It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user," reads the security notice.
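The bug class the notice describes, a list name used as a path component without validation, is shown here next to a hardened form. This is an added illustration in Python, not Mailman's code or Canonical's patch; `LISTS_DIR`, the allowlist pattern, the sample names and all function names are assumptions made for the example.

```python
import os
import re

# Assumption for this example: every list has its own directory under LISTS_DIR.
LISTS_DIR = "/var/lib/mailman/lists"

# Allowlist (an assumption, not Mailman's rule): starts with a letter or digit,
# then letters, digits, ".", "_", "+" or "-". No "/" and no leading dot.
_VALID_NAME = re.compile(r"[a-z0-9][a-z0-9._+-]*\Z")


class InvalidListName(ValueError):
    """Raised when a list name must not be turned into a path."""


def unsafe_list_path(name, base=LISTS_DIR):
    """The flawed pattern: the name goes straight into the path."""
    return os.path.normpath(os.path.join(base, name))


def safe_list_path(name, base=LISTS_DIR):
    """Validate the name, then confirm the resolved path stays under base."""
    name = name.lower()
    if not _VALID_NAME.match(name):
        raise InvalidListName("illegal characters in list name: %r" % name)
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name))
    # Defence in depth: also catches a symlink inside base that points elsewhere.
    if candidate == base_real or os.path.commonpath([base_real, candidate]) != base_real:
        raise InvalidListName("list path escapes %s" % base_real)
    return candidate


def check_names(names, base=LISTS_DIR):
    """Return {name: 'accepted' | 'rejected'} for each candidate list name."""
    results = {}
    for name in names:
        try:
            safe_list_path(name, base)
            results[name] = "accepted"
        except InvalidListName:
            results[name] = "rejected"
    return results


# Constructed sample input, not taken from the security notice.
SAMPLE_NAMES = ["announce", "dev-team", "../../outside", "team/../../outside", ".hidden", ""]

if __name__ == "__main__":
    for name, verdict in check_names(SAMPLE_NAMES).items():
        print("%-22r %s" % (name, verdict))
```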

For a more detailed description of the problem, you can see Canonical's security notification. The problem can be fixed by upgrading your system(s) to the latest mailman package.

To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI.

Open a terminal and enter the following commands (you will need to be root):

    sudo apt-get update
    sudo apt-get dist-upgrade

In general, a standard system update will make all the necessary changes. The update doesn't require a system reboot, and the update will be done on the fly.