
[SECURITY] [DLA 835-1] cakephp security update




Package        : cakephp
Version        : 1.3.15-1+deb7u2
CVE ID         : CVE-2016-4793

Dawid Golunski from legalhackers.com discovered that cakephp, an
application development framework for PHP, contains a vulnerability
that allows attackers to spoof the source IP address. This would allow
them to bypass access control lists or to inject malicious data which,
if treated as sanitized by an unaware CakePHP-based application, can
lead to other vulnerabilities such as SQL injection, XSS or command
injection.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.15-1+deb7u2.

We recommend that you upgrade your cakephp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

