(RHSA-2021:4913) Important: mailman security update

2021-12-0215:34:51

access.redhat.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

65.9%

JSON

Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097)
mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover (CVE-2021-44227)
mailman: CSRF protection missing in the user options page (CVE-2016-6893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64mailman< 2.1.15-30.el7_9.2mailman-2.1.15-30.el7_9.2.x86_64.rpm
RedHat7ppc64lemailman-debuginfo< 2.1.15-30.el7_9.2mailman-debuginfo-2.1.15-30.el7_9.2.ppc64le.rpm
RedHat7s390xmailman< 2.1.15-30.el7_9.2mailman-2.1.15-30.el7_9.2.s390x.rpm
RedHat7ppc64mailman< 2.1.15-30.el7_9.2mailman-2.1.15-30.el7_9.2.ppc64.rpm
RedHat7x86_64mailman-debuginfo< 2.1.15-30.el7_9.2mailman-debuginfo-2.1.15-30.el7_9.2.x86_64.rpm
RedHat7ppc64lemailman< 2.1.15-30.el7_9.2mailman-2.1.15-30.el7_9.2.ppc64le.rpm
RedHat7s390xmailman-debuginfo< 2.1.15-30.el7_9.2mailman-debuginfo-2.1.15-30.el7_9.2.s390x.rpm
RedHat7ppc64mailman-debuginfo< 2.1.15-30.el7_9.2mailman-debuginfo-2.1.15-30.el7_9.2.ppc64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	mailman	< 2.1.15-30.el7_9.2	mailman-2.1.15-30.el7_9.2.x86_64.rpm
RedHat	7	ppc64le	mailman-debuginfo	< 2.1.15-30.el7_9.2	mailman-debuginfo-2.1.15-30.el7_9.2.ppc64le.rpm
RedHat	7	s390x	mailman	< 2.1.15-30.el7_9.2	mailman-2.1.15-30.el7_9.2.s390x.rpm
RedHat	7	ppc64	mailman	< 2.1.15-30.el7_9.2	mailman-2.1.15-30.el7_9.2.ppc64.rpm
RedHat	7	x86_64	mailman-debuginfo	< 2.1.15-30.el7_9.2	mailman-debuginfo-2.1.15-30.el7_9.2.x86_64.rpm
RedHat	7	ppc64le	mailman	< 2.1.15-30.el7_9.2	mailman-2.1.15-30.el7_9.2.ppc64le.rpm
RedHat	7	s390x	mailman-debuginfo	< 2.1.15-30.el7_9.2	mailman-debuginfo-2.1.15-30.el7_9.2.s390x.rpm
RedHat	7	ppc64	mailman-debuginfo	< 2.1.15-30.el7_9.2	mailman-debuginfo-2.1.15-30.el7_9.2.ppc64.rpm