Red Hat Product Errata RHSA-2021:4915 - Security Advisory
Issued:
2021-12-02
Updated:
2021-12-02

RHSA-2021:4915 - Security Advisory

Synopsis

Important: mailman:2.1 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

  • mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover (CVE-2021-44227)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2026862 - CVE-2021-44227 mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
x86_64
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 25537b0588eac319138f302a51479901561e5253a4d0ec9641a7ce0f73418aeb
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 34fd5fb1595302a4749f52c60001a33025aa6224ca065b1d77f5118f7c402e0b
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: ed73e108b140c73968df25c5a62481a0bf839bda654809ec16342edbf0749dd3

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
x86_64
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 25537b0588eac319138f302a51479901561e5253a4d0ec9641a7ce0f73418aeb
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 34fd5fb1595302a4749f52c60001a33025aa6224ca065b1d77f5118f7c402e0b
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: ed73e108b140c73968df25c5a62481a0bf839bda654809ec16342edbf0749dd3

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
x86_64
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 25537b0588eac319138f302a51479901561e5253a4d0ec9641a7ce0f73418aeb
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 34fd5fb1595302a4749f52c60001a33025aa6224ca065b1d77f5118f7c402e0b
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: ed73e108b140c73968df25c5a62481a0bf839bda654809ec16342edbf0749dd3

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
s390x
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.s390x.rpm SHA-256: be1738f81b2d2d021ab147b2f419bb04c5547ce4efc7ca1e0e860de0d3be78e4
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.s390x.rpm SHA-256: 29f60176be1d2659f4ee4028ea80f06e27a3f695601997bc0492ab5fa623f3f8
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.s390x.rpm SHA-256: 997fbe05f96ba2ad8cb680534106d0abd2f1bbf9d5b796f6778c69e346846c66

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
ppc64le
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.ppc64le.rpm SHA-256: 2712d0ae0aa29668e31892a17a25a08cbe049b5371724cfdc8a98faad08809e1
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.ppc64le.rpm SHA-256: 357f51ad0d71aed1db30a87c3d81baa4053c05433b35341fad1486b00c5d27e1
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.ppc64le.rpm SHA-256: f6015ce2dc652ffb91ef78150f9567a92c3022e7ccbe55382df85a602d8989e0

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
x86_64
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 25537b0588eac319138f302a51479901561e5253a4d0ec9641a7ce0f73418aeb
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 34fd5fb1595302a4749f52c60001a33025aa6224ca065b1d77f5118f7c402e0b
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: ed73e108b140c73968df25c5a62481a0bf839bda654809ec16342edbf0749dd3

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
aarch64
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.aarch64.rpm SHA-256: 31dc86b9deecc14e1ca95cd5627c53ff7a6b575438207f4cb3fcb8a773d39053
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.aarch64.rpm SHA-256: 6d1c9ce3d9ebc0d1741aa881720b18f49dcf9b4e1ef08cf1b3da390f8fc186aa
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.aarch64.rpm SHA-256: 93d2184380c0601b18220aeb8bd90c69fc93597284e1bf87c64acae29c1abd47

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
ppc64le
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.ppc64le.rpm SHA-256: 2712d0ae0aa29668e31892a17a25a08cbe049b5371724cfdc8a98faad08809e1
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.ppc64le.rpm SHA-256: 357f51ad0d71aed1db30a87c3d81baa4053c05433b35341fad1486b00c5d27e1
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.ppc64le.rpm SHA-256: f6015ce2dc652ffb91ef78150f9567a92c3022e7ccbe55382df85a602d8989e0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.src.rpm SHA-256: f7ed03a4ce217ee5dbb4b3f1f610b3736f4456dafdd017aa176ad7a8530e6334
x86_64
mailman-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 25537b0588eac319138f302a51479901561e5253a4d0ec9641a7ce0f73418aeb
mailman-debuginfo-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: 34fd5fb1595302a4749f52c60001a33025aa6224ca065b1d77f5118f7c402e0b
mailman-debugsource-2.1.29-11.module+el8.4.0+13467+746daedf.2.x86_64.rpm SHA-256: ed73e108b140c73968df25c5a62481a0bf839bda654809ec16342edbf0749dd3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.