Debians sikkerhedsbulletin

DSA-2013-1 egroupware -- flere sårbarheder

Rapporteret den:
11. mar 2010
Berørte pakker:
egroupware
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Debians fejlsporingssystem: Fejl 573279.
Yderligere oplysninger:

Nahuel Grisolia opdagede to sårbarheder i Egroupware, en webbaseret groupwaresuite: Manglende fornuftighedskontrol af inddata i stavekontrolsintegrationen kunne føre til udførelse af vilkårlige kommandoer samt en sårbarhed i forbindelse med udførelse af skripter på tværs af websteder blev opdaget på loginsiden.

I den stabile distribution (lenny), er disse problemer rettet i version 1.4.004-2.dfsg-4.2.

Den kommende stabile distribution (squeeze), indeholder ikke længere egroupware-pakker.

Vi anbefaler at du opgraderer dine egroupware-pakker.

Rettet i:

Debian GNU/Linux 5.0 (lenny)

Kildekode:
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.diff.gz
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.dsc
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg.orig.tar.gz
Arkitekturuafhængig komponent:
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-mydms_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-resources_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tracker_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sambaadmin_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-timesheet_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.4.004-2.dfsg-4.2_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projectmanager_1.4.004-2.dfsg-4.2_all.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.