Ubuntu Security Notice 5151-1 - It was discovered that Mailman incorrectly handled certain URLs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
=========================================================================
Ubuntu Security Notice USN-5151-1
November 18, 2021
mailman vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Mailman.
Software Description:
- mailman: Web-based mailing list manager
Details:
It was discovered that Mailman incorrectly handled certain URLs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-43331)
It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2021-43332)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
  mailman 1:2.1.26-1ubuntu0.5
Ubuntu 16.04 ESM:
  mailman 1:2.1.20-1ubuntu0.6+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5151-1
CVE-2021-43331, CVE-2021-43332, https://launchpad.net/bugs/1949401, https://launchpad.net/mailman/+bug/1949403
Package Information:
https://launchpad.net/ubuntu/+source/mailman/1:2.1.26-1ubuntu0.5