Description
ELSA-2021-4913: mailman security update (IMPORTANT)
[3:2.1.15-30.2]
- Fix for CVE-2021-44227
- Resolves: #2026866
[3:2.1.15-30.1]
- Fix for CVE-2016-6893
- Fix for CVE-2021-42097
- Resolves: #2024884, #2020688
Updated packages
Oracle Linux 7
Oracle Linux aarch64
mailman
2.1.15-30.el7_9.2
Oracle Linux x86_64
mailman
2.1.15-30.el7_9.2
Related CVEs
Related vulnerabilities
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).