Mailman and Git updates for Ubuntu

Ubuntu 7004 Published 2026-03-03 07:18 by Philipp Esselbach

News

Ubuntu has issued security notices for vulnerabilities in Mailman and Git. A vulnerability in Mailman, discovered in 2021, allowed remote list members or moderators to potentially set new admin passwords or make other changes, which has been fixed by updating to version 1:2.1.29-1ubuntu3.1+esm2 on Ubuntu 20.04 LTS and version 1:2.1.20-1ubuntu0.6+esm3 on Ubuntu 16.04 LTS. Another notice addressed a regression in Git introduced by a previous update, which allowed an attacker to run arbitrary commands; this has been fixed by updating to version 1:2.17.1-1ubuntu0.18+esm8 on Ubuntu 18.04 LTS. These updates are available through a standard system update and can also be found with Ubuntu Pro

[USN-8067-1] Mailman vulnerability
[USN-5376-6] Git regression

[USN-8067-1] Mailman vulnerability

==========================================================================
Ubuntu Security Notice USN-8067-1
March 02, 2026

mailman vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
- mailman: Web-based mailing list manager

Details:

It was discovered that Mailman incorrectly handled CSRF tokens. A remote
list member or moderator could possibly use their own token to craft an
admin request CSRF attack and set a new admin password or make other
changes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
mailman 1:2.1.29-1ubuntu3.1+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
mailman 1:2.1.20-1ubuntu0.6+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8067-1
CVE-2021-44227

[USN-5376-6] Git regression

==========================================================================
Ubuntu Security Notice USN-5376-6
March 02, 2026

git regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

USN-5376-1 introduced a regression in Git

Software Description:
- git: fast, scalable, distributed revision control system

Details:

USN-5376-4 fixed a regression in Git. This update provides the
corresponding update for Ubuntu 18.04 LTS.

We apologize for the inconvenience.

Original advisory details:

俞晨东 discovered that Git incorrectly handled certain repository paths
in platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
git 1:2.17.1-1ubuntu0.18+esm8
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5376-6
https://ubuntu.com/security/notices/USN-5376-5
https://ubuntu.com/security/notices/USN-5376-4
https://ubuntu.com/security/notices/USN-5376-3
https://ubuntu.com/security/notices/USN-5376-2
https://ubuntu.com/security/notices/USN-5376-1
https://launchpad.net/bugs/2142239

Kernel, Fluidsynth, Libsoup, and more updates for SUSE

Windows Server 2022 KB5082314 Update: Fixing Hello for Business Certificate Renewal Issues

Mailman and Git updates for Ubuntu

[USN-8067-1] Mailman vulnerability

[USN-5376-6] Git regression

Windows

Linux

macOS

Community