Description
Security update for mailman
This update for mailman to version 2.1.15 fixes the following issues:
- CVE-2016-6893: Prevent cross-site request forgery (CSRF) vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option (bsc#995352).
- Various other hardenings against CSRF attacks
For details please see https://launchpad.net/mailman/+milestone/2.1.15
Package list
SUSE Linux Enterprise Server 11 SP4
mailman-2.1.15-9.6.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
mailman-2.1.15-9.6.3.1
References
- Link for SUSE-SU-2018:1638-1
- E-Mail link for SUSE-SU-2018:1638-1
- SUSE Security Ratings
- SUSE Bug 995352
- SUSE CVE CVE-2016-6893 page
Description
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
Affected products
SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:mailman-2.1.15-9.6.3.1
References
- CVE-2016-6893
- SUSE Bug 995352
- SUSE Bug 997205