Description
Security update for mailman
This update for mailman fixes the following issues:
Security issue fixed:
- CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface (bsc#997205).
The following bug was fixed:
- Allow CSRF check to pass in mailman web frontend if the list name contains a '+' (bsc#1102416)
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
mailman-2.1.15-9.6.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS
mailman-2.1.15-9.6.12.1
References
- Link for SUSE-SU-2019:14068-1
- E-Mail link for SUSE-SU-2019:14068-1
- SUSE Security Ratings
- SUSE Bug 1102416
- SUSE Bug 997205
- SUSE CVE CVE-2016-6893 page
Description
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:mailman-2.1.15-9.6.12.1
References
- CVE-2016-6893
- SUSE Bug 995352
- SUSE Bug 997205