lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 13 May 2010 22:14:54 +0200
From: Giuseppe Iuculano <>
Subject: [SECURITY] [DSA-2046-1] New phpgroupware packages
	fix several vulnerabilities

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2046-1                                Giuseppe Iuculano
May 13, 2010                
- ------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2010-0403 CVE-2010-0404

Several remote vulnerabilities have been discovered in phpgroupware, a
Web based groupware system written in PHP. The Common Vulnerabilities 
and Exposures project identifies the following problems:


A local file inclusion vulnerability allows remote attackers to execute
arbitrary PHP code and include arbitrary local files.


Multiple SQL injection vulnerabilities allows remote attackers to execute
arbitrary SQL commands.

For the stable distribution (lenny), these problems have been fixed in
version 1:

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your phpgroupware package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum: 19383160 bbfcfa12aca69b4032d7b4d38aeba85f
    Size/MD5 checksum:     1662 1a1ff2d6badf454ba2b948ee1268e57b
    Size/MD5 checksum:    74293 9ba66bc79bc0f5bb6454a3372bc2bfd8

Architecture independent packages:
    Size/MD5 checksum:    91562 51f6a2473368c6c21d19b8fd6349635f
    Size/MD5 checksum:  7985242 c19ed260050702c356c4d14db87e3f0d
    Size/MD5 checksum:    20158 c09431d20a4d833841340ea79e03854d
    Size/MD5 checksum:   281402 2fc54aa2367098332f67b846b17d8c7a
    Size/MD5 checksum:    48876 41cc095cbbc3bd97ae36754405df60b9
    Size/MD5 checksum:  1167580 4b63e0460fb590082a29391d26331b1e
    Size/MD5 checksum:  1529004 52216c8fa04c49ebf2d5d12aa6a8013a
    Size/MD5 checksum:    22522 783f747d25f32fe4024db807a0727261
    Size/MD5 checksum:     4726 0a3140a4bdc80c8b421ef865c1f730d3
    Size/MD5 checksum:   130240 dc11591ae411a496bc5828d88eaed65d
    Size/MD5 checksum:    50810 b632b74158236fea55b5014830c26369
    Size/MD5 checksum:    60432 8355e743ea535fbb8b5afef5bcb196bb
    Size/MD5 checksum:    93564 f44dbd8f6b2902d4980c4ec23d955d02
    Size/MD5 checksum:    41194 9ed410fd27d8e0c7430a90fa2eaabb70
    Size/MD5 checksum:   270288 ffa447f1b07658090d9acdec93ef31a5
    Size/MD5 checksum:   188302 84057847fe79ad066a751a0b5f1abef7
    Size/MD5 checksum:   176400 0294b85b1e34e7879edbc4ee832dfa43
    Size/MD5 checksum:    33074 95aff5b1efc3ba4eeb3a5756549ae070

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.10 (GNU/Linux)


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists