lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <E1DrfoR-0004BA-00@klecker.debian.org> Date: Sun Jul 10 18:42:06 2005 From: mstone at klecker.debian.org (Michael Stone) Subject: [SECURITY] [DSA 747-1] New egroupware packages fix remote command execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 747-1 security@...ian.org http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : egroupware Vulnerability : remote command execution Problem type : input validation error Debian-specific: no CVE Id(s) : CAN-2005-1921 A vulernability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware. The old stable distribution (woody) did not include egroupware. For the current stable distribution (sarge), this problem is fixed in version 1.0.0.007-2.dfsg-2sarge1. For the unstable distribution (sid), this problem is fixed in version 1.0.0.007-3.dfsg-1. We recommend that you upgrade your egroupware package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (sarge) - ------------------ sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz Size/MD5 checksum: 12699187 462f5ea377c4d0c04f16ffe8037b9d6a http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.diff.gz Size/MD5 checksum: 33321 2ae91aca7f89d1f3d5f725fa09384ed8 http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.dsc Size/MD5 checksum: 1285 1849e8a4639068df7ac9f8f72272ef86 Architecture independent packages: http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 4212 6edb07699896314d8c0ce641e2228cc5 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 51144 e611af77c5bd0c4b75cd9227ca50e115 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 37840 78e388f8967593e544992cc18fc47096 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 486306 ff7956754ab17b48938bc290171ab6c6 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 204810 0f4c3f9ce74980dc5102bbabb2909b49 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 26322 88c9d54ae0e23842f0b59b3cdc3de55f http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 50530 d9407cff76325b2e597d30b16b55f35b http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 37916 a0c6fc6f8c2138e8377dc24933a45772 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 148770 d96b5a43c0a29dd8dbc13d001831a45c http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 115750 d94de6dbaf9135a6fb45a1f01ffc09f4 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 17100 2b837171f92886b79dab136b4cbed1b0 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 172670 e35d2a3af12432147711a39e31d0a194 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 92442 a1e6eacb42d3cf26bc2fe22086ee2332 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 255838 b00219a9f18f65b56cde18564dbcdfc6 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 1486218 7b8b470bf2a5f2279a322723ff74d031 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 202082 ef4836ce08f0edfba3d7d2dee6f13225 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 124930 bfdacc1755efb6e43133808bf77a1200 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 119060 6588409cc9526dca31479a4d1a464cb6 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 3771642 078dcb7065c3ced38e7e837d15003dde http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 31966 3f1306aa4e31ce8518a967d5b6c8de23 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 1363034 bdc3797f41136a032488e458e090b729 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 382010 4725c5ad39c9abf8ab116f8a5dd0bb57 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 74732 2a08f46a7af3a0084426e317ffacf083 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 6942 2504ff9fa488181edfd5484ebab583b0 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 92404 18e426330d98178d6acf7b1f04e7a616 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 1243590 14104d7117c1ddcfe4013e64cdf4f427 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 302036 275669f1b8eae13a4fa091423506aa65 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 139354 664038c40ad93e64daf975e5e50d3550 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 275144 361b4166509e4dd861c907c2f9f846f5 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 35878 069b89e524f57fff58dfa91e19380ee0 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 99618 264116d3f03eddeae48e2ac1b5e74bb0 http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge1_all.deb Size/MD5 checksum: 53220 de815addc18f090c263b582db7025af3 - ------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQtFdYg0hVr09l8FJAQJn5QP/W3BxmQKGz9C7u9zG7G9kTgO8lmZSy99E 98nwM3puUkDU5na4Mx3OSiNJ/RsNP/8PwwRVhX/CCQ8n4e+BloX9zCfY1TGFKZI9 BYFU00zrRGjOXyJ0ulHtIhaXcLiGJsxvfVcC5jQkvuzJhqirewc24uZu3gmoEJw7 7l4KF2r8Gts= =rdLU -----END PGP SIGNATURE-----
Powered by blists - more mailing lists