
Security: Execution of arbitrary commands in phpgroupware
Name: Execution of arbitrary commands in phpgroupware
ID: DSA-1063-1
Distribution: Debian
Platforms: Debian woody, Debian sarge
Date: Sat, 20 May 2006, 00:39
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2781
Applications: phpGroupWare

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1063-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 8th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : phpgroupware
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-2781
Debian Bug : 340094

It was discovered that the Avatar upload feature of FUD Forum, a component
of the web based groupware system phpgroupware, does not sufficiently
validate uploaded files, which might lead to the execution of injected web
script code.

For the old stable distribution (woody) this problem has been fixed in
version 0.9.14-0.RC3.2.woody6.

For the stable distribution (sarge) this problem has been fixed in
version 0.9.16.005-3.sarge5.

For the unstable distribution (sid) this problem has been fixed in
version 0.9.16.009-1.

We recommend that you upgrade your XXXXXXXXXXXXXX package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:


Architecture independent components:



Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:


Architecture independent components:



These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEbkETXm3vHE4uyloRAkRoAJ4oVEcy2WX8DXq5pz/LpNYqimRvqwCdHnwC
70zf6lKLi+sWiXgxG6xIX/Q=
=N+IE
-----END PGP SIGNATURE-----

