Säkerhetsbulletin från Debian
DSA-1978-1 phpgroupware -- flera sårbarheter
- Rapporterat den:
- 2010-01-26
- Berörda paket:
- phpgroupware
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2009-4414, CVE-2009-4415, CVE-2009-4416.
- Ytterligare information:
-
Flera utifrån nåbara sårbarheter har upptäckts i phpgroupware, ett webbaserat gruppsystem skrivet i PHP. Projektet Common Vulnerabilities and Exposures identifierar följande problem:
- CVE-2009-4414
En SQL-injiceringssårbarhet upptäcktes i autentiseringsmodulen.
- CVE-2009-4415
Flera katalogtraverseringssårbarheter upptäcktes i adressboksmodulen.
- CVE-2009-4416
Autentiseringsmodulen påverkas av serveröverskridande skriptangrepp.
För den stabila utgåvan (Lenny) har dessa problem rättats i version 0.9.16.012+dfsg-8+lenny1.
För den instabila utgåvan (Sid) har dessa problem rättats i version 0.9.16.012+dfsg-9.
Vi rekommenderar att ni uppgraderar era phpgroupware-paket.
- CVE-2009-4414
- Rättat i:
-
Debian GNU/Linux 5.0 (lenny)
- Källkod:
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.dsc
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny1_all.deb
- http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.