Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in eGroupware
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in eGroupware
ID: MDVSA-2015:087
Distribution: Mandriva
Plattformen: Mandriva Business Server 2.0
Datum: Sa, 28. März 2015, 11:02
Referenzen: http://advisories.mageia.org/MGASA-2014-0116.html
http://advisories.mageia.org/MGASA-2014-0221.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2027

Originalnachricht

This is a multi-part message in MIME format...

------------=_1427534311-3111-9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:087
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : egroupware
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated egroupware packages fix security vulnerabilities:

eGroupware prior to 1.8.006.20140217 is vulnerable to remote file
deletion and possible remote code execution due to user input being
passed to PHP's unserialize() method (CVE-2014-2027).

eGroupWare before 1.8.007 allows logged in users with administrative
priviledges to remotely execute arbitrary commands on the server.
It is also vulnerable to a cross site request forgery vulnerability
that allows creating new administrative users.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2027
http://advisories.mageia.org/MGASA-2014-0116.html
http://advisories.mageia.org/MGASA-2014-0221.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
cf4a9bb8ef30cf74a7e8104eaed1e5ea
mbs2/x86_64/egroupware-1.8.007.20140506-1.mbs2.noarch.rpm
7d471a1f7934338d9c17c39aed046a92
mbs2/x86_64/egroupware-bookmarks-1.8.007.20140506-1.mbs2.noarch.rpm
bca49e4c9f90170d049e0f573736553f
mbs2/x86_64/egroupware-calendar-1.8.007.20140506-1.mbs2.noarch.rpm
3195fb6185b0db015c68eeed25391fea
mbs2/x86_64/egroupware-developer_tools-1.8.007.20140506-1.mbs2.noarch.rpm
e9f33f46b78933cc7c7c054be6f1bc18
mbs2/x86_64/egroupware-egw-pear-1.8.007.20140506-1.mbs2.noarch.rpm
8298f11458f4d6ab41a76842990c9b88
mbs2/x86_64/egroupware-emailadmin-1.8.007.20140506-1.mbs2.noarch.rpm
8395d7c10874355e37d93af463a912c0
mbs2/x86_64/egroupware-felamimail-1.8.007.20140506-1.mbs2.noarch.rpm
79b36d573ccaedd8ad098054d6ac662f
mbs2/x86_64/egroupware-filemanager-1.8.007.20140506-1.mbs2.noarch.rpm
e931484776456c96ad3f7c2a98991904
mbs2/x86_64/egroupware-gallery-1.8.007.20140506-1.mbs2.noarch.rpm
0e6028e764cfcbe9adc7e2d429e1bcfa
mbs2/x86_64/egroupware-importexport-1.8.007.20140506-1.mbs2.noarch.rpm
4026fb77115740ac83b194b4051fec80
mbs2/x86_64/egroupware-infolog-1.8.007.20140506-1.mbs2.noarch.rpm
95d30157cd8d0cbf6c65442ad20e26ae
mbs2/x86_64/egroupware-manual-1.8.007.20140506-1.mbs2.noarch.rpm
f9f5395813df6b06711304342fcbbd43
mbs2/x86_64/egroupware-news_admin-1.8.007.20140506-1.mbs2.noarch.rpm
5e67c67c9fd0eb7308d6f268ac8506ab
mbs2/x86_64/egroupware-notifications-1.8.007.20140506-1.mbs2.noarch.rpm
921e180cc7b2c6d2de58e2b5dc877a2f
mbs2/x86_64/egroupware-phpbrain-1.8.007.20140506-1.mbs2.noarch.rpm
bf3d6323441283889833de12eda53b1a
mbs2/x86_64/egroupware-phpsysinfo-1.8.007.20140506-1.mbs2.noarch.rpm
675ea8d94c058a0c048b0784128f3bc1
mbs2/x86_64/egroupware-polls-1.8.007.20140506-1.mbs2.noarch.rpm
4488bb434ff2cee958198a62cd75915d
mbs2/x86_64/egroupware-projectmanager-1.8.007.20140506-1.mbs2.noarch.rpm
b1af84b4ee06f528c1bbb2026a1371c5
mbs2/x86_64/egroupware-registration-1.8.007.20140506-1.mbs2.noarch.rpm
5a4b0422fcf415cf7dbb67677aea4e69
mbs2/x86_64/egroupware-sambaadmin-1.8.007.20140506-1.mbs2.noarch.rpm
8ad55477e0043a97b98c312f996e1b89
mbs2/x86_64/egroupware-sitemgr-1.8.007.20140506-1.mbs2.noarch.rpm
0995e8539c804e5146da0e75d7a26031
mbs2/x86_64/egroupware-syncml-1.8.007.20140506-1.mbs2.noarch.rpm
6f4a523abe8818c71327896b1e212326
mbs2/x86_64/egroupware-timesheet-1.8.007.20140506-1.mbs2.noarch.rpm
6b309a26af38d62d817558e0658e3426
mbs2/x86_64/egroupware-tracker-1.8.007.20140506-1.mbs2.noarch.rpm
dbdfa7fa5e27ea271d6addd9b52acfa8
mbs2/x86_64/egroupware-wiki-1.8.007.20140506-1.mbs2.noarch.rpm
c8da1009e22f6018fd784fc18aa63651
mbs2/SRPMS/egroupware-1.8.007.20140506-1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFmNDmqjQ0CJFipgRAtHlAKCtdE8cImMGN1YVYOmTaAd42jXNrQCgjOhw
XKQ6enfHyzG4jrDO2ndwLyg=
=0Ip3
-----END PGP SIGNATURE-----


------------=_1427534311-3111-9
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427534311-3111-9--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung