lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1RuTq9-0005Ei-TT@titan.mandriva.com>
Date: Mon, 06 Feb 2012 20:03:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:014 ] glpi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:014
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glpi
 Date    : February 6, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in GLPI:
 
 The autocompletion functionality in GLPI before 0.80.2 does not
 blacklist certain username and password fields, which allows remote
 attackers to obtain sensitive information via a crafted POST request
 (CVE-2011-2720).
 
 This advisory provides the latest version of GLPI (0.80.6) which are
 not vulnerable to this issue. Additionally the latest versions of
 the corresponding plugins are also being provided.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2720
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 c7f395789eb64eb9e0ffc4342a99ed55  mes5/i586/glpi-0.80.6-0.1mdvmes5.2.noarch.rpm
 078100b3f360e6582e87298a81145f1a  mes5/i586/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.noarch.rpm
 53890496416d72fdd51b2057ae1a1f3c  mes5/i586/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.noarch.rpm
 a708034532f947e7a63af7c2c621d0ce  mes5/i586/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.noarch.rpm
 fd71716b4725f241bd4f0e84a8758202  mes5/i586/glpi-plugin-fusioninventory-deploy-2.4.0-0.1mdvmes5.2.noarch.rpm
 00c3905d1ebe05f496302681371b5caa  mes5/i586/glpi-plugin-fusioninventory-inventory-2.4.0-0.1mdvmes5.2.noarch.rpm
 4e34bd20f1e30ef96ea5dfcf0a8fe7cb  mes5/i586/glpi-plugin-fusioninventory-snmp-2.4.0-0.1mdvmes5.2.noarch.rpm
 cd03c2b5099971e730f17dc9d882a564  mes5/i586/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.noarch.rpm
 8964b51517e131d3f07a0ee4bc38ef22  mes5/i586/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.noarch.rpm
 b3c462fef41e1878b41f7355a84d59e4  mes5/i586/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.noarch.rpm
 2301fd4253cfdfc61422f2defabe6cb6  mes5/i586/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.noarch.rpm
 f0f0842991e24b58c0e348dbd836d767  mes5/i586/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.noarch.rpm
 7288cd69af6d5848a373b2628c69bc66  mes5/i586/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.noarch.rpm
 955fbca4fe60125b3e19bac2fb333376  mes5/i586/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.noarch.rpm 
 1d11c45cea71dd7730eee4439f48ef05  mes5/SRPMS/glpi-0.80.6-0.1mdvmes5.2.src.rpm
 87c1748b9a0391655babc46ff5b85405  mes5/SRPMS/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.src.rpm
 af029f6e1c9397d9e48c8f5bbe4169c3  mes5/SRPMS/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.src.rpm
 0776abf6bf577c5250898152c306b6e6  mes5/SRPMS/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.src.rpm
 332327381f568a1874959649c4c90d10  mes5/SRPMS/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.src.rpm
 23fe81b495620dd3b585c379159a4356  mes5/SRPMS/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.src.rpm
 f278b793d1da40e30d5ca6b48dd10d57  mes5/SRPMS/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.src.rpm
 d1ae9d8e59075559ff9bf258585142de  mes5/SRPMS/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.src.rpm
 afb9113a0043b01cd6ae20aee54836d0  mes5/SRPMS/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.src.rpm
 4cb6f5e63f60eb123e9c934f26361b13  mes5/SRPMS/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.src.rpm
 fadf8996860cde48a9b22aa3d20173eb  mes5/SRPMS/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 e29fd9e505428488ebdc44bbd9a8ef85  mes5/x86_64/glpi-0.80.6-0.1mdvmes5.2.noarch.rpm
 736f66685b8abf7bd50d991467641c4f  mes5/x86_64/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.noarch.rpm
 6b729ce24cf97bdedc4592222899df51  mes5/x86_64/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.noarch.rpm
 b38dff9e035640be7e391fff3b353bfd  mes5/x86_64/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.noarch.rpm
 7b27d4ece0c54032c55602a1688ecbd7  mes5/x86_64/glpi-plugin-fusioninventory-deploy-2.4.0-0.1mdvmes5.2.noarch.rpm
 b153b807be6f6e1ed585e656ccb0fa20  mes5/x86_64/glpi-plugin-fusioninventory-inventory-2.4.0-0.1mdvmes5.2.noarch.rpm
 b75527a8b2bbc79bb7f441465f3962e2  mes5/x86_64/glpi-plugin-fusioninventory-snmp-2.4.0-0.1mdvmes5.2.noarch.rpm
 7a1758ad413b72d537bf623697751ceb  mes5/x86_64/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.noarch.rpm
 bbc1b138b488a08f4d67fb077808892e  mes5/x86_64/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.noarch.rpm
 892a7f48b8e809a8746b564f85b13a92  mes5/x86_64/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.noarch.rpm
 6cad8a2f9f8c17135f996317d5e23845  mes5/x86_64/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.noarch.rpm
 95c066f7b2f13b06332da9807ebdeef5  mes5/x86_64/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.noarch.rpm
 4d19a6dda012a3c7599e133b93728d80  mes5/x86_64/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.noarch.rpm
 d786be82c4669422ab2b67e6cdbe6fe7  mes5/x86_64/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.noarch.rpm 
 1d11c45cea71dd7730eee4439f48ef05  mes5/SRPMS/glpi-0.80.6-0.1mdvmes5.2.src.rpm
 87c1748b9a0391655babc46ff5b85405  mes5/SRPMS/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.src.rpm
 af029f6e1c9397d9e48c8f5bbe4169c3  mes5/SRPMS/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.src.rpm
 0776abf6bf577c5250898152c306b6e6  mes5/SRPMS/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.src.rpm
 332327381f568a1874959649c4c90d10  mes5/SRPMS/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.src.rpm
 23fe81b495620dd3b585c379159a4356  mes5/SRPMS/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.src.rpm
 f278b793d1da40e30d5ca6b48dd10d57  mes5/SRPMS/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.src.rpm
 d1ae9d8e59075559ff9bf258585142de  mes5/SRPMS/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.src.rpm
 afb9113a0043b01cd6ae20aee54836d0  mes5/SRPMS/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.src.rpm
 4cb6f5e63f60eb123e9c934f26361b13  mes5/SRPMS/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.src.rpm
 fadf8996860cde48a9b22aa3d20173eb  mes5/SRPMS/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPL/hKmqjQ0CJFipgRAmPqAJ9z3UK7UzfWJy5qax1St6uY3ZAM/ACg6v7T
3Z9myGeq0S6DAqIk3ctP1Cs=
=TLKh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ