Lucene search

UbuntuUSN-5151-2

HistoryNov 25, 2021 - 12:00 a.m.

Mailman vulnerabilities

2021-11-2500:00:00

ubuntu.com

mailman

ubuntu 20.04 lts

web-based mailing list manager

cve-2021-43331

cve-2021-43332

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

Releases

Ubuntu 20.04 LTS

Packages

mailman - Web-based mailing list manager

Details

USN-5151-1 fixed several vulnerabilities in Mailman. This update provides
the corresponding update for Ubuntu 20.04 ESM.

Original advisory details:

It was discovered that Mailman incorrectly handled certain URL.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-43331)

It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2021-43332)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchmailman< 1:2.1.29-1ubuntu3.1+esm1UNKNOWN
Ubuntu20.04noarchmailman< 1:2.1.29-1ubuntu3.1UNKNOWN
Ubuntu20.04noarchmailman-dbgsym< 1:2.1.29-1ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.04	noarch	mailman	< 1:2.1.29-1ubuntu3.1+esm1	UNKNOWN
Ubuntu	20.04	noarch	mailman	< 1:2.1.29-1ubuntu3.1	UNKNOWN
Ubuntu	20.04	noarch	mailman-dbgsym	< 1:2.1.29-1ubuntu3.1	UNKNOWN