RHSA-2021:4839: Red Hat Security Advisory: mailman:2.1 security update

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Red Hat Security Data

Issued: 2021-11-24

Updated: 2021-11-24

RHSA-2021:4839 - Security Advisory

Synopsis: Important: mailman:2.1 security update

Type/Severity: Security Advisory: Important

Topic

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

  • mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097)
  • mailman: CSRF token derived from admin password allows offline brute-force attack (CVE-2021-42096)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2020568 - CVE-2021-42097 mailman: CSRF token bypass allows to perform CSRF attacks and account takeover
  • BZ - 2020575 - CVE-2021-42096 mailman: CSRF token derived from admin password allows offline brute-force attack

Updated Packages

The same builds are shipped to every affected product listed above, so each architecture's packages are listed once here.

SRPM

  • mailman-2.1.29-11.module+el8.4.0+13212+81332387.1.src.rpm (SHA-256: 5e26ce2128d13181232652ccec5b6ef633c6300fb9b2cfa1464e89cacc3f1e47)

x86_64

  • mailman-2.1.29-11.module+el8.4.0+13212+81332387.1.x86_64.rpm (SHA-256: 9930ac2f3ec57a88c3bc6197484a078697790bd3fbdac28173267475ffef7a05)
  • mailman-debuginfo-2.1.29-11.module+el8.4.0+13212+81332387.1.x86_64.rpm (SHA-256: d1179c35fd673b8e35154f442569d9ce0cf63ca02a78a63e54d3f2d56cf11ea3)
  • mailman-debugsource-2.1.29-11.module+el8.4.0+13212+81332387.1.x86_64.rpm (SHA-256: 0adf495083020dc81e0a56e1ce8536986e068d7cd2ef908a57eb619f0fbee78f)

s390x

  • mailman-2.1.29-11.module+el8.4.0+13212+81332387.1.s390x.rpm (SHA-256: b95d2037ba81e0342da227e2daa595410118e2c7dfb263ba4af025e1c86a7a54)
  • mailman-debuginfo-2.1.29-11.module+el8.4.0+13212+81332387.1.s390x.rpm (SHA-256: 7a1814ee3082962b08788aced3df2500fa441cc72a711039bd3d94a9f6cbdb20)
  • mailman-debugsource-2.1.29-11.module+el8.4.0+13212+81332387.1.s390x.rpm (SHA-256: 921ce74eb78c2fb3caf8b3f28e1a8be163392d61fce1015b5f9e5f5b87df2afa)

ppc64le

  • mailman-2.1.29-11.module+el8.4.0+13212+81332387.1.ppc64le.rpm (SHA-256: c70c98e6e883b63472e751fba3f0c2e7ef780f3a7203e4257bad8e783eb64f04)
  • mailman-debuginfo-2.1.29-11.module+el8.4.0+13212+81332387.1.ppc64le.rpm (SHA-256: 7b0b44023b1b39d38dd43848db8d1df247e24349fcbe79aeb20028dd37128d13)
  • mailman-debugsource-2.1.29-11.module+el8.4.0+13212+81332387.1.ppc64le.rpm (SHA-256: 561adfb66030716a14a180ba8dd303ad036ef2a6a214d610c79f382343f1f56d)

aarch64

  • mailman-2.1.29-11.module+el8.4.0+13212+81332387.1.aarch64.rpm (SHA-256: cc41ad551caab8db6e3d4a11cc6193259192567c00134753303c1e679166b015)
  • mailman-debuginfo-2.1.29-11.module+el8.4.0+13212+81332387.1.aarch64.rpm (SHA-256: 3977e41dd11f4f58b5c9c0bea5354cf1b90c59d5e765ce6546279472fff71589)
  • mailman-debugsource-2.1.29-11.module+el8.4.0+13212+81332387.1.aarch64.rpm (SHA-256: 6c2089e3bdffdfd20a0009dd6ca17a81ac2dba7e0bdc572cab1746878483bad6)

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.