USN-5180-1: Mailman vulnerability

7 December 2021

A system hardening measure could be bypassed.

Releases

Packages

  • mailman - Web-based mailing list manager

Details

It was discovered that Mailman incorrectly handled CSRF tokens. A remote
list member or moderator could possibly use their own token to craft an
admin request CSRF attack and set a new admin password or make other
changes.
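
One way a member's or moderator's token can end up accepted for an admin request is a verifier that checks the token is authentic but not which role it was issued for. The Python below is an added example, not Mailman's code and not part of the original notice; the token layout, `SECRET`, `MAX_AGE`, the role names and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # constructed value for the example
MAX_AGE = 3600                       # assumed token lifetime in seconds
ADMIN_FORM_ROLES = {"admin"}         # hypothetical: roles an admin form accepts


def issue_token(role, user, now=None):
    """Return 'issued:role:user:mac' for the role the requester logged in as."""
    issued = str(int(now if now is not None else time.time()))
    msg = ":".join((issued, role, user)).encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return ":".join((issued, role, user, mac))


def _parse(token, now):
    """Return (role, user) if the MAC and age are valid, else None."""
    try:
        issued, role, user, mac = token.split(":")
        age = now - int(issued)
    except ValueError:
        return None
    msg = ":".join((issued, role, user)).encode()
    expected = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if not 0 <= age <= MAX_AGE:
        return None
    return role, user


def check_loose(token, now=None):
    """Flawed: any authentic token passes, whatever role it was issued for."""
    return _parse(token, now if now is not None else time.time()) is not None


def check_strict(token, allowed_roles, now=None):
    """Hardened: the token's role must be one the target form accepts."""
    parsed = _parse(token, now if now is not None else time.time())
    return parsed is not None and parsed[0] in allowed_roles
```

With `check_strict`, a token issued to a list member is rejected on a form whose allowed roles are `ADMIN_FORM_ROLES`, while `check_loose` accepts the same token.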

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04

In general, a standard system update will make all the necessary changes.

References