Description
ELSA-2021-4826: mailman:2.1 security update (IMPORTANT)
[3:2.1.29-12.1]
- Fix for CVE-2021-42096
- Fix for CVE-2021-42097
- Resolves: #2021139, #2020692
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module mailman:2.1 is enabled
mailman
2.1.29-12.module+el8.5.0+20429+dde04a6e.1
Oracle Linux x86_64
Module mailman:2.1 is enabled
mailman
2.1.29-12.module+el8.5.0+20429+dde04a6e.1
Related CVEs
Related vulnerabilities
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).