Debian DSA 265-1: Remote Access And XSS Threats Fixed In Bonsai

March 21, 2003
Several security-related bugs have been fixed in bonsai.

Summary

Rémi Perrot fixed several security-related bugs in bonsai, the
Mozilla tool for querying CVS through a web interface. Vulnerabilities
include arbitrary code execution, cross-site scripting and access to
configuration parameters. The Common Vulnerabilities and Exposures
project identifies the following problems:

* CAN-2003-0152 - Remote execution of arbitrary commands as www-data

* CAN-2003-0153 - Absolute path disclosure

* CAN-2003-0154 - Cross-site scripting attacks

* CAN-2003-0155 - Unauthenticated access to parameters page

For the stable distribution (woody) these problems have been fixed in
version 1.3+cvs20020224-1woody1.

The old stable distribution (potato) is not affected since it doesn't
contain bonsai.

For the unstable distribution (sid) these problems have been fixed in
version 1.3+cvs20030317-1.

We recommend that you upgrade your bonsai package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

...

Severity: important

Package: bonsai
