mailman:2.1 security update
Errata ID: AXSA:2022-2979:01
Release date:
Tuesday, January 18, 2022 - 12:12
Subject:
mailman:2.1 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
Mailman is a program used to help manage e-mail discussion lists.
Security Fix(es):
* mailman: CSRF token bypass allows CSRF attacks and admin takeover (CVE-2021-44227)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-44227
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Modularity name: mailman
Stream name: 2.1
Solution:
Update packages.
CVEs:
CVE-2021-44227
Additional Info:
N/A
Download:
SRPMS
- mailman-2.1.29-12.module+el8+1382+c0d197b6.2.src.rpm
MD5: 11cacca231e53b3c94774f6bd75ed862
SHA-256: 92cf9defc9b68ceb7a891634b14c0643e45312d1027eaefcbf3cd2f339d544c3
Size: 9.02 MB
Asianux Server 8 for x86_64
- mailman-2.1.29-12.module+el8+1382+c0d197b6.2.x86_64.rpm
MD5: 54663db0495fccb0fef68d42d812ba2e
SHA-256: 6435f77f3e72f783da473669a727a25514304a57a6b4951174397a6e2401fd3b
Size: 5.99 MB
- mailman-debugsource-2.1.29-12.module+el8+1382+c0d197b6.2.x86_64.rpm
MD5: 065773530c2bb9cc5e238599e8a85d86
SHA-256: eb0836c3d4b00c0566a2dd4bc0942b3362a0c6b1d11d20d845dc3deea7dd5e0c
Size: 37.27 kB