Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Ubuntu 18.04 LTS: USN-5121-1 Moderate: Mailman CSRF Exploits

ubuntu
Calendar Grey October 22, 2021
Dist Ubuntu Esm H88
Address vulnerabilities in Mailman on Ubuntu installations to maintain system safety and defend against potential threats.
Several security issues were fixed in Mailman.

Summary

Several security issues were fixed in Mailman.

Software Description:

- mailman: Web-based mailing list manager

Details:

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman

did not properly associate cross-site request forgery (CSRF) tokens

to specific accounts. A remote attacker could use this to perform a

CSRF attack to gain access to another account. (CVE-2021-42097)

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's

cross-site request forgery (CSRF) tokens for the options page are

derived from the admin password. A remote attacker could possibly use

this to assist in performing a brute force attack against the admin

password. (CVE-2021-42096)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  mailman                         1:2.1.26-1ubuntu0.4

Ubuntu 16.04 ESM:
  mailman                         1:2.1.20-1ubuntu0.6+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5121-1

CVE-2021-42096, CVE-2021-42097

October 22, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.