drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in movabletype-opensource (Aktualisierung)
Name: |
Mehrere Probleme in movabletype-opensource (Aktualisierung) |
|
ID: |
DSA-2263-2 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian lenny, Debian squeeze |
|
Datum: |
Fr, 30. Dezember 2011, 14:04 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Movable Type |
|
Update von: |
Mehrere Probleme in movabletype-opensource |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2263-2 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst December 30, 2011 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : movabletype-opensource Vulnerability : several Problem type : remote Debian-specific: no CVE ID : not yet available Debian Bug : 627936
Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package. The original advisory text follows.
It was discovered that Movable Type, a weblog publishing system, contains several security vulnerabilities:
A remote attacker could execute arbitrary code in a logged-in users' web browser.
A remote attacker could read or modify the contents in the system under certain circumstances.
For the oldstable distribution (lenny), these problems have been fixed in version 4.2.3-1+lenny3.
For the stable distribution (squeeze), these problems have been fixed in version 4.3.5+dfsg-2+squeeze2.
For the testing distribution (wheezy) and for the unstable distribution (sid), these problems have been fixed in version 4.3.6.1+dfsg-1.
We recommend that you upgrade your movabletype-opensource packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJO/W15AAoJEOxfUAG2iX579YAH/iHvmSvkzHQj5mrg48eEw8XI RCWvrYvCmnvPSJWia0c0p66KuncfABjWO3vN2MQR231TYlFH1UXGhwDQ6pyIxM9S jjvxmpoJD3DJm9VDlviSJfUulz9f47xyNbOMnB1griTlueOotYZR98B3MnbYzaB/ hemCTK7eC5tHgUj2LK3iVClmmL+OL9ykhFT7gYwJ+k4SX7zh82jrvghzktFoM9RV nbsVx6uqI341SVIuM/hbDuIHhWnobSPZyEcGEXoU1YcojezwLz/HMyEm929OsWTl t0SurJvEEGvSQwiIO1cp0/S9txZZtuZQrLFpnFBdnC5YFihdM8TQN2sIZ0y3izA= =E15M -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/20111230075223.05D6859DF0@kinkhorst.com
|
|
|
|