Synopsis:          Important: mailman security update
Advisory ID:       SLSA-2021:4913-1
Issue Date:        2021-12-02
CVE Numbers:       CVE-2016-6893
                   CVE-2021-42097
                   CVE-2021-44227
--

Security Fix(es):

* mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097)

* mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover (CVE-2021-44227)

* mailman: CSRF protection missing in the user options page (CVE-2016-6893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE
--

SL7
  x86_64
    mailman-2.1.15-30.el7_9.2.x86_64.rpm
    mailman-debuginfo-2.1.15-30.el7_9.2.x86_64.rpm

- Scientific Linux Development Team