Oval Definition:oval:org.opensuse.security:def:126890
Revision Date:2022-05-31
Version:1
Title:Security update for mailman (Important)
Description:

This update for mailman fixes the following issues:

- CVE-2021-44227: Prevent a list moderator or list member from accessing the admin UI (bsc#1193316).
- CVE-2021-43332: Prevent a list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741).
- CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735).
- CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959).

Family:unix
Class:patch
Status:
Reference(s):1191959
1192735
1192741
1193316
CVE-2021-42096
CVE-2021-43331
CVE-2021-43332
CVE-2021-44227
Platform(s):SUSE Linux Enterprise Server 12 SP4-ESPOS
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND mailman-2.1.17-3.26.1 is installed