-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2791-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 23, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : mailman Version : 1:2.1.23-1+deb9u7 CVE IDs : CVE-2021-42096, CVE-2021-42097 It was discovered that there was a potential remote privilege escalation vulnerability in the Mailman mailing-list manager. Some CSRF token values were derived from the admin password, and that could have been used to conductg a brute-force attack against that password. For Debian 9 "Stretch", this problem has been fixed in version 1:2.1.23-1+deb9u7. We recommend that you upgrade your mailman packages. For the detailed security status of mailman please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mailman Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmF0PfUACgkQHpU+J9Qx HljJQQ/9GMRaJRvJqStHpWpggZwgRYv0q5tHBjIKvpswXKATW7+95T60W+0mlGI+ II6Ew93/dJ1lvlXH5QgssnmGNZcPrtUd1H4STfhxQq4wU/F14XE6m6IXT8lxCeMm G5/yGnC+HLHVMEwVIhbsAl8w10a6eNCpn7wrgpuQ5lmgHcBUIO3scfDrk7CoWg5j wzO0WiIzwdzGTCuOkZv6yqTmR/MxsUVoUn2XGA57zhToOfV9E3bAaAiV7LzaCb99 RSN1S4LnGVYn0k4rItiys58tx8jETpOC1ERAT1w5d72K6NEhjr8Dwr76ABlgnUe9 0ClHOKof4owf3ub8UQsyOdsWwQ/lo7pLfhD2DIeYktOWPaBjfFZkyvgSoKqOD3bp P+qE+7gYY89YWlLXJ1v/uujnUa5j0ofuxlS/0HisO5tKnQc+dv2NpJMsPEp4zczV H/UquX70DSgnbLIkviZqGU+7X++sHWVKbWl5I59ZetI7FgbcbxJPFUaW0lhNzkwx T9d4E+lR1dQffyc7eaI4AKBi1d96FnR21IuP1OHFrWVSsAkWtcaAV1njfkU1kpZV E7flXKuhqLi+hxwiuBCJEz7QNUNDY4lav975mrw6YXtPdsOFQ/4rlK1PtvqNogmb ZMTzwXDAC53B4xycybC411d1UH0FHtRvDCS68aMjc1M/UYii+Ls= =ZwJh -----END PGP SIGNATURE-----
