Red Hat Product Errata RHSA-2021:1751 - Security Advisory

Issued:: 2021-05-18
Updated:: 2021-05-18

RHSA-2021:1751 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: mailman:2.1 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

mailman: arbitrary content injection via the options login page (CVE-2020-12108)
mailman: arbitrary content injection via the private archive login page (CVE-2020-15011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

BZ - 1848856 - CVE-2020-12108 mailman: arbitrary content injection via the options login page
BZ - 1850684 - CVE-2020-15011 mailman: arbitrary content injection via the private archive login page

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
s390x
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: abaf514151e03365db03b9b8cf7a6b76b80544a0e38209f26ecbe707d4bf3384
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: 3277e36a2aba0faadab0b1ee0052501ef3deb8e41859e27460f855712a33fb1b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: ccfca9c7febdcc3e874bb61e13fdd16de3f4bf9d0c5d7e9e9aa08c767b01ae3d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
s390x
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: abaf514151e03365db03b9b8cf7a6b76b80544a0e38209f26ecbe707d4bf3384
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: 3277e36a2aba0faadab0b1ee0052501ef3deb8e41859e27460f855712a33fb1b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: ccfca9c7febdcc3e874bb61e13fdd16de3f4bf9d0c5d7e9e9aa08c767b01ae3d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
s390x
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: abaf514151e03365db03b9b8cf7a6b76b80544a0e38209f26ecbe707d4bf3384
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: 3277e36a2aba0faadab0b1ee0052501ef3deb8e41859e27460f855712a33fb1b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.s390x.rpm	SHA-256: ccfca9c7febdcc3e874bb61e13fdd16de3f4bf9d0c5d7e9e9aa08c767b01ae3d

Red Hat Enterprise Linux for Power, little endian 8

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
ppc64le
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 4dadf2152384dbe7f48c449825a9fd0b3725158dbf12fd1523b5a0f4c23165a8
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 32a1f6d18225053b01e47f592be2efb30cdae7885f7396ac614c346777a96e35
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: b5b25daff014f2f661b829104e88cc28f129be400de758f6fab4b837ccfe44c7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
ppc64le
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 4dadf2152384dbe7f48c449825a9fd0b3725158dbf12fd1523b5a0f4c23165a8
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 32a1f6d18225053b01e47f592be2efb30cdae7885f7396ac614c346777a96e35
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: b5b25daff014f2f661b829104e88cc28f129be400de758f6fab4b837ccfe44c7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
ppc64le
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 4dadf2152384dbe7f48c449825a9fd0b3725158dbf12fd1523b5a0f4c23165a8
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 32a1f6d18225053b01e47f592be2efb30cdae7885f7396ac614c346777a96e35
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: b5b25daff014f2f661b829104e88cc28f129be400de758f6fab4b837ccfe44c7

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux for ARM 64 8

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
aarch64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 14a11c60c21d1de9b94dc3763de337ccb6eba13ee8f3784910e38f43b501370b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 137312ec5c191c2caecf83fc13f656b251da7d79e62901d1fc57189b8590b2dc
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 14d01de60b9be46dabf7bf92f3c56e037959a3049b321f5743b1f6b970e2b0e2

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
aarch64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 14a11c60c21d1de9b94dc3763de337ccb6eba13ee8f3784910e38f43b501370b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 137312ec5c191c2caecf83fc13f656b251da7d79e62901d1fc57189b8590b2dc
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 14d01de60b9be46dabf7bf92f3c56e037959a3049b321f5743b1f6b970e2b0e2

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
aarch64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 14a11c60c21d1de9b94dc3763de337ccb6eba13ee8f3784910e38f43b501370b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 137312ec5c191c2caecf83fc13f656b251da7d79e62901d1fc57189b8590b2dc
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.aarch64.rpm	SHA-256: 14d01de60b9be46dabf7bf92f3c56e037959a3049b321f5743b1f6b970e2b0e2

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
ppc64le
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 4dadf2152384dbe7f48c449825a9fd0b3725158dbf12fd1523b5a0f4c23165a8
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 32a1f6d18225053b01e47f592be2efb30cdae7885f7396ac614c346777a96e35
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: b5b25daff014f2f661b829104e88cc28f129be400de758f6fab4b837ccfe44c7

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
ppc64le
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 4dadf2152384dbe7f48c449825a9fd0b3725158dbf12fd1523b5a0f4c23165a8
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: 32a1f6d18225053b01e47f592be2efb30cdae7885f7396ac614c346777a96e35
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.ppc64le.rpm	SHA-256: b5b25daff014f2f661b829104e88cc28f129be400de758f6fab4b837ccfe44c7

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.src.rpm	SHA-256: f1662246f420d15d5867fab133b24433fc15cffd90e4168dd93d0bcb947d9315
x86_64
mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: c732eff080e2bd1cafea8d011d62646c06cb5ec97d73b7b076f539eef69fc27b
mailman-debuginfo-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: e3c1f72ae3b55c68d26f93754ff2c0619a9b7ffe428dfe8ae5490e49f81c4d2b
mailman-debugsource-2.1.29-11.module+el8.4.0+8277+5e2c6e6e.x86_64.rpm	SHA-256: 3a1ddda44053b128df165d37121604b1114f6ffe13c02fc27f56a662884eb260

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation