=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mailman:2.1 security update
Advisory ID:       RHSA-2021:5080-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:5080
Issue date:        2021-12-13
CVE Names:         CVE-2021-44227
=====================================================================

1. Summary:

An update for the mailman:2.1 module is now available for Red Hat
Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: CSRF token bypass allows to perform CSRF attacks and admin
takeover (CVE-2021-44227)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2026862 - CVE-2021-44227 mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
mailman-2.1.29-6.module+el8.2.0+13543+86b2c701.src.rpm

aarch64:
mailman-2.1.29-6.module+el8.2.0+13543+86b2c701.aarch64.rpm
mailman-debuginfo-2.1.29-6.module+el8.2.0+13543+86b2c701.aarch64.rpm
mailman-debugsource-2.1.29-6.module+el8.2.0+13543+86b2c701.aarch64.rpm

ppc64le:
mailman-2.1.29-6.module+el8.2.0+13543+86b2c701.ppc64le.rpm
mailman-debuginfo-2.1.29-6.module+el8.2.0+13543+86b2c701.ppc64le.rpm
mailman-debugsource-2.1.29-6.module+el8.2.0+13543+86b2c701.ppc64le.rpm

s390x:
mailman-2.1.29-6.module+el8.2.0+13543+86b2c701.s390x.rpm
mailman-debuginfo-2.1.29-6.module+el8.2.0+13543+86b2c701.s390x.rpm
mailman-debugsource-2.1.29-6.module+el8.2.0+13543+86b2c701.s390x.rpm

x86_64:
mailman-2.1.29-6.module+el8.2.0+13543+86b2c701.x86_64.rpm
mailman-debuginfo-2.1.29-6.module+el8.2.0+13543+86b2c701.x86_64.rpm
mailman-debugsource-2.1.29-6.module+el8.2.0+13543+86b2c701.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-44227
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce