Debian-Sicherheitsankündigung

DSA-747-1 egroupware -- Eingabeüberprüfungsfehler

Datum des Berichts:
10. Jul 2005
Betroffene Pakete:
egroupware
Verwundbar:
Ja
Sicherheitsdatenbanken-Referenzen:
In Mitres CVE-Verzeichnis: CVE-2005-1921.
Weitere Informationen:

Eine Verwundbarkeit wurde in der xmlrpc-Bibliothek, die dem egroupware-Paket beiliegt, identifiziert. Diese Verwundbarkeit könnte zur Ausführung beliebiger Befehle auf dem Server, auf dem egroupware läuft, führen.

Die alten Stable-Distribution (Woody) enthielt egroupware nicht.

Für die aktuelle Stable-Distribution (Sarge) ist dieses Problem in Version 1.0.0.007-2.dfsg-2sarge1 behoben.

Für die Unstable-Distribution (Sid) ist dieses Problem in Version 1.0.0.007-3.dfsg-1 behoben.

Wir empfehlen Ihnen, Ihr egroupware-Paket zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.1 (sarge)

Quellcode:
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.diff.gz
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.dsc
Architektur-unabhängige Dateien:
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge1_all.deb
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge1_all.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.