Date: Sat, 28 Mar 2015 10:16:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:087 ] egroupware

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:087
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : egroupware
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated egroupware packages fix security vulnerabilities:
 
 eGroupware prior to 1.8.006.20140217 is vulnerable to remote file
 deletion and possible remote code execution due to user input being
 passed to PHP's unserialize() method (CVE-2014-2027).
 
 eGroupWare before 1.8.007 allows logged-in users with administrative
 privileges to remotely execute arbitrary commands on the server.
 It is also affected by a cross-site request forgery vulnerability
 that allows creating new administrative users.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2027
 http://advisories.mageia.org/MGASA-2014-0116.html
 http://advisories.mageia.org/MGASA-2014-0221.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 cf4a9bb8ef30cf74a7e8104eaed1e5ea  mbs2/x86_64/egroupware-1.8.007.20140506-1.mbs2.noarch.rpm
 7d471a1f7934338d9c17c39aed046a92  mbs2/x86_64/egroupware-bookmarks-1.8.007.20140506-1.mbs2.noarch.rpm
 bca49e4c9f90170d049e0f573736553f  mbs2/x86_64/egroupware-calendar-1.8.007.20140506-1.mbs2.noarch.rpm
 3195fb6185b0db015c68eeed25391fea  mbs2/x86_64/egroupware-developer_tools-1.8.007.20140506-1.mbs2.noarch.rpm
 e9f33f46b78933cc7c7c054be6f1bc18  mbs2/x86_64/egroupware-egw-pear-1.8.007.20140506-1.mbs2.noarch.rpm
 8298f11458f4d6ab41a76842990c9b88  mbs2/x86_64/egroupware-emailadmin-1.8.007.20140506-1.mbs2.noarch.rpm
 8395d7c10874355e37d93af463a912c0  mbs2/x86_64/egroupware-felamimail-1.8.007.20140506-1.mbs2.noarch.rpm
 79b36d573ccaedd8ad098054d6ac662f  mbs2/x86_64/egroupware-filemanager-1.8.007.20140506-1.mbs2.noarch.rpm
 e931484776456c96ad3f7c2a98991904  mbs2/x86_64/egroupware-gallery-1.8.007.20140506-1.mbs2.noarch.rpm
 0e6028e764cfcbe9adc7e2d429e1bcfa  mbs2/x86_64/egroupware-importexport-1.8.007.20140506-1.mbs2.noarch.rpm
 4026fb77115740ac83b194b4051fec80  mbs2/x86_64/egroupware-infolog-1.8.007.20140506-1.mbs2.noarch.rpm
 95d30157cd8d0cbf6c65442ad20e26ae  mbs2/x86_64/egroupware-manual-1.8.007.20140506-1.mbs2.noarch.rpm
 f9f5395813df6b06711304342fcbbd43  mbs2/x86_64/egroupware-news_admin-1.8.007.20140506-1.mbs2.noarch.rpm
 5e67c67c9fd0eb7308d6f268ac8506ab  mbs2/x86_64/egroupware-notifications-1.8.007.20140506-1.mbs2.noarch.rpm
 921e180cc7b2c6d2de58e2b5dc877a2f  mbs2/x86_64/egroupware-phpbrain-1.8.007.20140506-1.mbs2.noarch.rpm
 bf3d6323441283889833de12eda53b1a  mbs2/x86_64/egroupware-phpsysinfo-1.8.007.20140506-1.mbs2.noarch.rpm
 675ea8d94c058a0c048b0784128f3bc1  mbs2/x86_64/egroupware-polls-1.8.007.20140506-1.mbs2.noarch.rpm
 4488bb434ff2cee958198a62cd75915d  mbs2/x86_64/egroupware-projectmanager-1.8.007.20140506-1.mbs2.noarch.rpm
 b1af84b4ee06f528c1bbb2026a1371c5  mbs2/x86_64/egroupware-registration-1.8.007.20140506-1.mbs2.noarch.rpm
 5a4b0422fcf415cf7dbb67677aea4e69  mbs2/x86_64/egroupware-sambaadmin-1.8.007.20140506-1.mbs2.noarch.rpm
 8ad55477e0043a97b98c312f996e1b89  mbs2/x86_64/egroupware-sitemgr-1.8.007.20140506-1.mbs2.noarch.rpm
 0995e8539c804e5146da0e75d7a26031  mbs2/x86_64/egroupware-syncml-1.8.007.20140506-1.mbs2.noarch.rpm
 6f4a523abe8818c71327896b1e212326  mbs2/x86_64/egroupware-timesheet-1.8.007.20140506-1.mbs2.noarch.rpm
 6b309a26af38d62d817558e0658e3426  mbs2/x86_64/egroupware-tracker-1.8.007.20140506-1.mbs2.noarch.rpm
 dbdfa7fa5e27ea271d6addd9b52acfa8  mbs2/x86_64/egroupware-wiki-1.8.007.20140506-1.mbs2.noarch.rpm 
 c8da1009e22f6018fd784fc18aa63651  mbs2/SRPMS/egroupware-1.8.007.20140506-1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFmNDmqjQ0CJFipgRAtHlAKCtdE8cImMGN1YVYOmTaAd42jXNrQCgjOhw
XKQ6enfHyzG4jrDO2ndwLyg=
=0Ip3
-----END PGP SIGNATURE-----
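
A defender-side check for the bug class behind CVE-2014-2027 (user input reaching PHP's unserialize()), added here as an example that is not part of the advisory or of eGroupware: it flags query parameters in an access log that carry serialized PHP objects, raw or base64-wrapped. The log lines, paths, parameter names and the class name ExampleFile are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Object tokens written by PHP serialize(): O:<len>:"Class":<n>:{ (C: for Serializable).
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"([A-Za-z_\\][\w\\]*)":\d+:\{')
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def serialized_classes(value):
    """Class names of PHP objects serialized in value, raw or base64-wrapped."""
    texts = [value]
    b64 = value.replace(" ", "+")  # parse_qsl turns an unescaped '+' into a space
    try:
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
        texts.append(raw.decode("utf-8", "replace"))
    except (binascii.Error, ValueError):
        pass  # not base64, so only the raw form is inspected
    return [cls for text in texts for cls in PHP_OBJECT.findall(text)]


def scan_access_log(lines):
    """Return (line_no, parameter, class) for each serialized object in a query string."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
            hits += [(no, name, cls) for cls in serialized_classes(value)]
    return hits


# Constructed sample log lines (documentation addresses, hypothetical paths and parameters).
_wrapped = quote(base64.b64encode(b'a:1:{i:0;O:11:"ExampleFile":0:{}}').decode())
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Mar/2015:10:00:01 +0100] "GET /index.php?view=home HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Mar/2015:10:00:07 +0100] '
    '"GET /app.php?state=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 87',
    '203.0.113.9 - - [28/Mar/2015:10:00:09 +0100] "GET /app.php?state=' + _wrapped + ' HTTP/1.1" 200 87',
    '203.0.113.7 - - [28/Mar/2015:10:00:12 +0100] "GET /app.php?note=O%3A+ring HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Serialized scalars and arrays without objects are not reported, since object instantiation is what makes unserialize() on untrusted input dangerous; POST bodies and cookies would need the same check wherever they are logged.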
