Oval Definition:oval:org.opensuse.security:def:111116
Revision Date:2021-11-02Version:1
Title:Security update for mailman (Important)
Description:

This update for mailman fixes the following issues:

Update to 2.1.35 to fix 2 security issues:

- A potential for for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-42096 (boo#1191959, LP:#1947639) - A CSRF attack via the user options page could allow takeover of a users account. This is fixed. CVE-2021-42097 (boo#1191960, LP:#1947640) - make package build reproducible (boo#1047218)
Family:unixClass:patch
Status:Reference(s):1047218
1191959
1191960
CVE-2021-42096
CVE-2021-42097
openSUSE-SU-2021:1436-1
Platform(s):openSUSE Leap 15.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND mailman-2.1.35-lp152.7.6.1 is installed
    • BACK