Oval Definition:	oval:org.opensuse.security:def:6060
Revision Date: 2022-05-31 Version: 1 Title: Security update for mailman (Important) Description: This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316). - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741). - CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735). - CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959). Family: unix Class: patch Status: Reference(s): 1055117 1065729 1087082 1113295 1133021 1152457 1152472 1152489 1153274 1154353 1155518 1156395 1160634 1164648 1167260 1167574 1167773 1168777 1168838 1169709 1171295 1173485 1174416 1174426 1175995 1176447 1176774 1177028 1177326 1177666 1178089 1178134 1178163 1178330 1178378 1178418 1179243 1179519 1179825 1179827 1179851 1180197 1180814 1180846 1181104 1181383 1181507 1181674 1181862 1182077 1182257 1182377 1182552 1182574 1182613 1182712 1182715 1182717 1182999 1183022 1183069 1183252 1183277 1183278 1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286 1183287 1183288 1183289 1183310 1183311 1183312 1183313 1183314 1183315 1183316 1183317 1183318 1183319 1183320 1183321 1183322 1183323 1183324 1183326 1183346 1183366 1183369 1183386 1183405 1183412 1183427 1183428 1183445 1183447 1183491 1183501 1183509 1183530 1183534 1183540 1183593 1183596 1183598 1183637 1183646 1183658 1183662 1183686 1183692 1183750 1183757 1183775 1183815 1183868 1183871 1183873 1183947 1183976 1184074 1184081 1184082 1184120 1184167 1184168 1184170 1184171 1184192 1184193 1184194 1184196 1184197 1184198 1184199 1184208 1184209 1184211 1184217 1184218 1184219 1184220 1184224 1184264 1184386 1184388 1184391 1184393 1184436 1184485 1184514 1184585 1184611 1184615 1184650 1184710 1184724 1184728 1184730 1184731 1184736 1184737 1184738 1184740 1184741 1184742 1184769 1184811 1184855 1184934 1184942 1184943 1184955 1184969 1184984 1185010 1185113 1185233 1185269 1185428 1185491 1185495 1185549 1185550 1185558 1185573 1185581 1185586 1185587 1185606 1185640 1185641 1185642 1185645 1185670 1185680 1185703 1185725 1185736 1185758 1185796 1185840 1185857 1185898 1185899 1185911 1185938 1185950 1185980 1185988 1186009 1186061 1186111 1186118 1186219 1186285 1186320 1186349 1186352 1186353 1186354 1186355 1186356 1186357 1186401 1186408 1186439 1186441 1186479 1186484 1186498 1186501 1186512 1186681 1191959 1192735 1192741 1193316 CVE-2009-0688 CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0750 CVE-2010-0787 CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2011-1485 CVE-2011-1526 CVE-2011-1761 CVE-2011-4862 CVE-2012-1586 CVE-2013-2001 CVE-2013-2062 CVE-2013-2126 CVE-2013-2127 CVE-2013-4233 CVE-2013-4234 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 CVE-2015-7555 CVE-2015-7995 CVE-2015-8853 CVE-2015-9019 CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2016-1238 CVE-2016-2381 CVE-2016-3977 CVE-2016-4738 CVE-2016-6185 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 CVE-2017-15638 CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2017-5029 CVE-2017-7853 CVE-2018-7728 CVE-2018-7730 CVE-2019-18814 CVE-2019-19769 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20268 CVE-2021-23134 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28952 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVE-2021-3489 CVE-2021-3490 CVE-2021-3491 CVE-2021-42096 CVE-2021-43331 CVE-2021-43332 CVE-2021-44227 SUSE-SU-2022:1886-1 Platform(s): openSUSE 13.1 openSUSE 13.1 NonFree openSUSE 13.2 openSUSE 13.2 NonFree SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Build System Kit 12 SUSE Linux Enterprise Build System Kit 12 SP1 SUSE Linux Enterprise Build System Kit 12 SP2 SUSE Linux Enterprise Build System Kit 12 SP3 SUSE Linux Enterprise Build System Kit 12 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3 SUSE Linux Enterprise Real Time Extension 12 SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP4 Product(s): Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND python-requests-2.8.1-6.9.1 is installed Definition Synopsis SUSE Linux Enterprise Build System Kit 12 is installed AND Package Information cups-1.7.5-5 is installed OR cups-ddk-1.7.5-5 is installed Definition Synopsis SUSE Linux Enterprise Build System Kit 12 SP1 is installed AND Package Information krb5-mini-1.12.1-22 is installed OR krb5-mini-devel-1.12.1-22 is installed Definition Synopsis SUSE Linux Enterprise Build System Kit 12 SP2 is installed AND Package Information ghostscript-mini-9.15-17 is installed OR ghostscript-mini-devel-9.15-17 is installed Definition Synopsis SUSE Linux Enterprise Build System Kit 12 SP3 is installed AND Package Information libudev-mini-devel-228-150.9 is installed OR libudev-mini1-228-150.9 is installed OR systemd-mini-228-150.9 is installed OR systemd-mini-devel-228-150.9 is installed OR udev-mini-228-150.9 is installed Definition Synopsis SUSE Linux Enterprise Build System Kit 12 SP4 is installed AND Package Information libudev-mini-devel-228-150.53 is installed OR libudev-mini1-228-150.53 is installed OR systemd-mini-228-150.53 is installed OR systemd-mini-devel-228-150.53 is installed OR udev-mini-228-150.53 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information dbus-1-1.2.10-3.25.1 is installed OR dbus-1-32bit-1.2.10-3.25.1 is installed OR dbus-1-x11-1.2.10-3.25.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information flash-player-11.2.202.425-19 is installed OR flash-player-gnome-11.2.202.425-19 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND krb5-appl-clients-1.0.3-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND libmodplug1-0.8.8.4-13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND SuSEfirewall2-3.6.312.333-3.13 is installed Definition Synopsis SUSE Linux Enterprise for SAP 12 is installed AND Package Information kgraft-patch-3_12_55-52_45-default-2-2.3 is installed OR kgraft-patch-3_12_55-52_45-xen-2-2.3 is installed OR kgraft-patch-SLE12_Update_13-2-2.3 is installed Definition Synopsis SUSE Linux Enterprise for SAP 12 SP1 is installed AND Package Information MozillaFirefox-52.2.0esr-108.3 is installed OR MozillaFirefox-branding-SLE-52-31.1 is installed OR MozillaFirefox-devel-52.2.0esr-108.3 is installed OR MozillaFirefox-translations-52.2.0esr-108.3 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP2 is installed AND Package Information cluster-md-kmp-default-4.4.21-90 is installed OR cluster-network-kmp-default-4.4.21-90 is installed OR dlm-kmp-default-4.4.21-90 is installed OR gfs2-kmp-default-4.4.21-90 is installed OR kernel-default-4.4.21-90 is installed OR ocfs2-kmp-default-4.4.21-90 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP3 is installed AND ruby2.1-rubygem-bundler-1.7.3-3 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP5 is installed AND Package Information corosync-2.3.6-9.13 is installed OR libcorosync4-2.3.6-9.13 is installed Definition Synopsis SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND Package Information at-3.1.14-8.6 is installed OR flex-2.5.37-8 is installed OR flex-32bit-2.5.37-8 is installed OR libQtWebKit4-4.8.7+2.3.4-4.7 is installed OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed OR libbonobo-2.32.1-16 is installed OR libbonobo-32bit-2.32.1-16 is installed OR libbonobo-doc-2.32.1-16 is installed OR libbonobo-lang-2.32.1-16 is installed Definition Synopsis SUSE Linux Enterprise Live Patching 12 is installed AND Package Information kgraft-patch-3_12_38-44-default-1-2 is installed OR kgraft-patch-3_12_38-44-xen-1-2 is installed OR kgraft-patch-SLE12_Update_3-1-2 is installed Definition Synopsis SUSE Linux Enterprise Live Patching 12 SP3 is installed AND Package Information kgraft-patch-4_4_82-6_6-default-1-2 is installed OR kgraft-patch-SLE12-SP3_Update_2-1-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information java-1_6_0-ibm-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-fonts-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-jdbc-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-plugin-1.6.0_sr16.1-5 is installed Definition Synopsis SUSE Linux Enterprise Real Time Extension 12 SP2 is installed AND Package Information cluster-md-kmp-rt-4.4.114-27 is installed OR cluster-network-kmp-rt-4.4.114-27 is installed OR dlm-kmp-rt-4.4.114-27 is installed OR gfs2-kmp-rt-4.4.114-27 is installed OR kernel-devel-rt-4.4.114-27 is installed OR kernel-rt-4.4.114-27 is installed OR kernel-rt-base-4.4.114-27 is installed OR kernel-rt-devel-4.4.114-27 is installed OR kernel-rt_debug-4.4.114-27 is installed OR kernel-rt_debug-devel-4.4.114-27 is installed OR kernel-source-rt-4.4.114-27 is installed OR kernel-syms-rt-4.4.114-27 is installed OR ocfs2-kmp-rt-4.4.114-27 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP1 is installed AND Package Information bzip2-1.0.5-34.246 is installed OR bzip2-doc-1.0.5-34.246 is installed OR libbz2-1-1.0.5-34.246 is installed OR libbz2-1-32bit-1.0.5-34.246 is installed OR libbz2-1-x86-1.0.5-34.246 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP2 is installed AND postgresql-8.3.23-0.4.1 is installed OR postgresql-contrib-8.3.23-0.4.1 is installed OR postgresql-docs-8.3.23-0.4.1 is installed OR postgresql-server-8.3.23-0.4.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP2 is installed AND postgresql-8.3.23-0.4.1 is installed OR postgresql-contrib-8.3.23-0.4.1 is installed OR postgresql-docs-8.3.23-0.4.1 is installed OR postgresql-server-8.3.23-0.4.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP2 is installed AND acpid-1.0.6-91.16.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP3 is installed AND gtk2-2.18.9-0.39.1 is installed OR gtk2-32bit-2.18.9-0.39.1 is installed OR gtk2-doc-2.18.9-0.39.1 is installed OR gtk2-lang-2.18.9-0.39.1 is installed OR gtk2-x86-2.18.9-0.39.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP3 is installed AND gtk2-2.18.9-0.39.1 is installed OR gtk2-32bit-2.18.9-0.39.1 is installed OR gtk2-doc-2.18.9-0.39.1 is installed OR gtk2-lang-2.18.9-0.39.1 is installed OR gtk2-x86-2.18.9-0.39.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information PackageKit-0.3.14-2.28.46 is installed OR PackageKit-lang-0.3.14-2.28.46 is installed OR hal-0.5.12-23.68.1 is installed OR hal-32bit-0.5.12-23.68.1 is installed OR hal-doc-0.5.12-23.68.1 is installed OR hal-x86-0.5.12-23.68.1 is installed OR libpackagekit-glib10-0.3.14-2.28.46 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP4 is installed AND apache2-mod_jk-1.2.40-0.2.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11-SECURITY is installed AND Package Information libopenssl1-devel-1.0.1g-0.52.1 is installed OR libopenssl1_0_0-1.0.1g-0.52.1 is installed OR libopenssl1_0_0-32bit-1.0.1g-0.52.1 is installed OR libopenssl1_0_0-x86-1.0.1g-0.52.1 is installed OR openssl1-1.0.1g-0.52.1 is installed OR openssl1-doc-1.0.1g-0.52.1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information augeas-1.2.0-1 is installed OR augeas-lenses-1.2.0-1 is installed OR libaugeas0-1.2.0-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information apache2-2.4.16-5 is installed OR apache2-doc-2.4.16-5 is installed OR apache2-example-pages-2.4.16-5 is installed OR apache2-prefork-2.4.16-5 is installed OR apache2-utils-2.4.16-5 is installed OR apache2-worker-2.4.16-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information apache-commons-daemon-1.0.15-4 is installed OR apache-commons-daemon-javadoc-1.0.15-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information accountsservice-0.6.42-14 is installed OR accountsservice-lang-0.6.42-14 is installed OR libaccountsservice0-0.6.42-14 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-14 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP5 is installed AND mailman-2.1.17-3.26.1 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND mailman-2.1.17-3.26.1 is installed Definition Synopsis SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information ibus-chewing-1.4.14-4 is installed OR ibus-pinyin-1.5.0-7 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed AND Package Information apache2-2.4.23-29.27 is installed OR apache2-doc-2.4.23-29.27 is installed OR apache2-example-pages-2.4.23-29.27 is installed OR apache2-prefork-2.4.23-29.27 is installed OR apache2-utils-2.4.23-29.27 is installed OR apache2-worker-2.4.23-29.27 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND automake-1.10.1-4.131.9.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND Package Information cpp48-4.8.3+r212056-2.17 is installed OR gcc48-4.8.3+r212056-2.17 is installed OR gcc48-32bit-4.8.3+r212056-2.17 is installed OR gcc48-c++-4.8.3+r212056-2.17 is installed OR gcc48-fortran-4.8.3+r212056-2.17 is installed OR gcc48-fortran-32bit-4.8.3+r212056-2.17 is installed OR gcc48-info-4.8.3+r212056-2.17 is installed OR gcc48-locale-4.8.3+r212056-2.17 is installed OR libasan0-4.8.3+r212056-2.17 is installed OR libatomic1-4.8.3+r212056-2.17 is installed OR libgfortran3-4.8.3+r212056-2.17 is installed OR libgfortran3-32bit-4.8.3+r212056-2.17 is installed OR libitm1-4.8.3+r212056-2.17 is installed OR libquadmath0-4.8.3+r212056-2.17 is installed OR libquadmath0-32bit-4.8.3+r212056-2.17 is installed OR libstdc++48-devel-4.8.3+r212056-2.17 is installed OR libstdc++48-devel-32bit-4.8.3+r212056-2.17 is installed OR libtsan0-4.8.3+r212056-2.17 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 is installed AND aaa_base-malloccheck-13.2+git20140911.61c1681-1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND Package Information bash-devel-4.2-75 is installed OR readline-devel-6.2-75 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information bash-devel-4.3-78 is installed OR readline-devel-6.3-78 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP3 is installed AND Package Information FastCGI-2.4.0-168 is installed OR FastCGI-devel-2.4.0-168 is installed OR perl-FastCGI-2.4.0-168 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND Package Information lhasa-0.2.0-5.1 is installed OR liblhasa0-0.2.0-5.1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND Package Information gstreamer-0_10-plugins-good-0.10.31-16.1 is installed OR gstreamer-0_10-plugins-good-lang-0.10.31-16.1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND libIlmImf-Imf_2_1-21-32bit-2.1.0-4 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP4 is installed AND argyllcms-1.6.3-3 is installed
BACK