openSUSE: 2021:1452-1 important: mailman
Description
This update for mailman fixes the following issues: Update to 2.1.35 to fix 2 security issues: - A potential for for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-42096 (boo#1191959, LP:#1947639) - A CSRF attack via the user options page could allow takeover of a users account. This is fixed. CVE-2021-42097 (boo#1191960, LP:#1947640) - make package build reproducible (boo#1047218) This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2021-1452=1
Package List
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): mailman-2.1.35-bp152.7.6.1
References
https://www.suse.com/security/cve/CVE-2021-42096.html https://www.suse.com/security/cve/CVE-2021-42097.html https://bugzilla.suse.com/1047218 https://bugzilla.suse.com/1191959 https://bugzilla.suse.com/1191960