Security: Execution of arbitrary commands in gforge
Name: Execution of arbitrary commands in gforge
ID: DTSA-57-1
Distribution: Debian Testing
Platforms: Debian testing
Date: Fri, 7 September 2007, 22:33
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3913
Applications: gforge

Original message
--------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-57-1               September 9th, 2007
secure-testing-team at lists.alioth.debian.org                    Nico Golde
http://secure-testing-master.debian.net/
--------------------------------------------------------------------------

Package        : gforge
Vulnerability  : sql injection
Problem-Scope  : remote
Debian-specific: no
CVE ID         : CVE-2007-3913
The gforge collaborative development environment is prone to an SQL injection due to insufficient input sanitizing.
For the testing distribution (lenny) this is fixed in version 4.5.14-23lenny2
For the unstable distribution (sid) this is fixed in version 4.6.99+svn6086-1
This upgrade is recommended if you use gforge (gforge-web-apache).
Upgrade Instructions
--------------------
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
To install the update, run this command as root:
apt-get update && apt-get upgrade
For further information about the Debian testing security team, please refer to http://secure-testing-master.debian.net/