USN-3118-1: Mailman vulnerabilities

Publication date

1 November 2016

Overview

Several security issues were fixed in Mailman.


Packages

  • mailman - Powerful, web-based mailing list manager

Details

It was discovered that the Mailman administrative web interface did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could perform administrative
actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123)

Nishant Agarwala discovered that the Mailman user options page did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could modify user options.
(CVE-2016-6893)

Update instructions

In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release   Package   Version
16.10 yakkety    mailman   1:2.1.22-1ubuntu0.1
16.04 xenial     mailman   1:2.1.20-1ubuntu0.1
14.04 trusty     mailman   1:2.1.16-2ubuntu0.2
12.04 precise    mailman   1:2.1.14-3ubuntu0.4
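
As an added example (not part of the Ubuntu notice), the following Python check compares an installed mailman version string against the fixed versions in the table above. It implements Debian version ordering by hand so it runs without dpkg; the function names are assumptions made for this illustration.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the table in this notice.
FIXED = {
    "yakkety": "1:2.1.22-1ubuntu0.1",
    "xenial": "1:2.1.20-1ubuntu0.1",
    "trusty": "1:2.1.16-2ubuntu0.2",
    "precise": "1:2.1.14-3ubuntu0.4",
}

def _order(c):
    # dpkg ordering: '~' sorts before end-of-string, letters before other symbols.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit run, digit run) pairs; digit runs compare as integers.
    pa = re.findall(r"(\D*)(\d*)", a)
    pb = re.findall(r"(\D*)(\d*)", b)
    for (sa, na), (sb, nb) in zip_longest(pa, pb, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision starts at the last '-'.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return <0, 0 or >0 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True when `installed` is at or above the fixed version for `release`."""
    return compare_versions(installed, FIXED[release]) >= 0
```

On a real host the installed version string can be read with `dpkg-query -W -f='${Version}' mailman`, and `dpkg --compare-versions` remains the authoritative comparison.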
