What Are You Looking For?

Sign Up

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1698-1                  security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
January 09, 2009                      https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-2381

It was discovered that GForge, a collaborative development tool,
insufficiently sanitises some input allowing a remote attacker to
perform SQL injection.

For the stable distribution (etch), this problem has been fixed in
version 4.5.14-22etch10.

For the testing (lenny) and unstable distribution (sid), this problem
has been fixed in version 4.7~rc2-7.

We recommend that you upgrade your gforge package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

      Size/MD5 checksum:  2161141 e85f82eff84ee073f80a2a52dd32c8a5
      Size/MD5 checksum:   199329 6414734bde3d1783cf0e2444132d64ff
      Size/MD5 checksum:   199610 73b60a0e768f798d14102b84e44cd9b1
      Size/MD5 checksum:      952 c2252c54ffade219203d006cdc64f91d
      Size/MD5 checksum:      950 157db49aeacbdbee525e922defce5f16

Architecture independent packages:

      Size/MD5 checksum:    80422 a9b65d4e911add81e36120fbc544f81c
      Size/MD5 checksum:   705076 633d26be5fa1f2ade140c7da64fa6e6c
      Size/MD5 checksum:   103914 676482196214c4a12639a02521c53a7d
      Size/MD5 checksum:   212550 85b6f53b1e4a4ead87d775f11c77b49a
      Size/MD5 checksum:   705018 90f3187e48801bb2ec2db79378d2a591
      Size/MD5 checksum:    76138 243c034e04e560bda6c36bdc9dc7c507
      Size/MD5 checksum:   212632 096dd8f5c46723d1380f9a167d6bb376
      Size/MD5 checksum:  1010976 9e60171c74bc627e73e062c30e169d7e
      Size/MD5 checksum:    86194 8bb823343c71101fa959b45765b597b6
      Size/MD5 checksum:    87206 ece177d2a29bad7645fd3814903b2e8b
      Size/MD5 checksum:    88566 6739e7cb336746e32645ed46f940e39f
      Size/MD5 checksum:  1011010 516e5203afff464172b02ffd5c30a89e
      Size/MD5 checksum:    88670 8562b858d5e691eed636c51ac97575fe
      Size/MD5 checksum:    88650 ffb7e94dfcde242e63727afcbb5cf541
      Size/MD5 checksum:    80324 a7a10e2bb6da8f71778d39885741d9d6
      Size/MD5 checksum:    89178 4e859efc65d23de82d8254476467a092
      Size/MD5 checksum:    76234 7c50c3c5583f68804979efd5adf2992a
      Size/MD5 checksum:    82138 3827dc51c27eeb10707339326e2af17c
      Size/MD5 checksum:    86392 ae8fc096931982372d6926e2633dbbd2
      Size/MD5 checksum:    89260 5508b317689cb6832109c3aed78cb58e
      Size/MD5 checksum:    95648 33598476706a7884652666ca2ca1af28
      Size/MD5 checksum:    86482 0508b738b4b48b9f0f60f732b1e91d74
      Size/MD5 checksum:    95592 1743291eb91467798186579f3aaf1d25
      Size/MD5 checksum:    87286 cda968a4ac1f7b4827fd3494334d31b6
      Size/MD5 checksum:    86104 e4ed2bb5eb3dd6571bf98ffbbe8042e6
      Size/MD5 checksum:    82230 e816404997ed010acc59c6662b483317
      Size/MD5 checksum:   103826 abd5c30fc9a5b6f8c5beb50056333688
      Size/MD5 checksum:    88752 579a75816591e7c458ad57dbf3c3b32f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and https://packages.debian.org/

Debian: DSA-1698-1: New gforge packages fix SQL injection

January 9, 2009
It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection

Summary

For the stable distribution (etch), this problem has been fixed in
version 4.5.14-22etch10.

For the testing (lenny) and unstable distribution (sid), this problem
has been fixed in version 4.7~rc2-7.

We recommend that you upgrade your gforge package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Source archives:

Size/MD5 checksum: 2161141 e85f82eff84ee073f80a2a52dd32c8a5
Size/MD5 checksum: 199329 6414734bde3d1783cf0e2444132d64ff
Size/MD5 checksum: 199610 73b60a0e768f798d14102b84e44cd9b1
Size/MD5 checksum: 952 c2252c54ffade219203d006cdc64f91d
Size/MD5 checksum: 950 157db49aeacbdbee525e922defce5f16

Architecture independent packages:

Size/MD5 checksum: 80422 a9b65d4e911add81e36120fbc544f81c
Size/MD5 checksum: 705076 633d26be5fa1f2ade140c7da64fa6e6c
Size/MD5 checksum: 103914 676482196214c4a12639a02521c53a7d
Size/MD5 checksum: 212550 85b6f53b1e4a4ead87d775f11c77b49a
Size/MD5 checksum: 705018 90f3187e48801bb2ec2db79378d2a591
Size/MD5 checksum: 76138 243c034e04e560bda6c36bdc9dc7c507
Size/MD5 checksum: 212632 096dd8f5c46723d1380f9a167d6bb376
Size/MD5 checksum: 1010976 9e60171c74bc627e73e062c30e169d7e
Size/MD5 checksum: 86194 8bb823343c71101fa959b45765b597b6
Size/MD5 checksum: 87206 ece177d2a29bad7645fd3814903b2e8b
Size/MD5 checksum: 88566 6739e7cb336746e32645ed46f940e39f
Size/MD5 checksum: 1011010 516e5203afff464172b02ffd5c30a89e
Size/MD5 checksum: 88670 8562b858d5e691eed636c51ac97575fe
Size/MD5 checksum: 88650 ffb7e94dfcde242e63727afcbb5cf541
Size/MD5 checksum: 80324 a7a10e2bb6da8f71778d39885741d9d6
Size/MD5 checksum: 89178 4e859efc65d23de82d8254476467a092
Size/MD5 checksum: 76234 7c50c3c5583f68804979efd5adf2992a
Size/MD5 checksum: 82138 3827dc51c27eeb10707339326e2af17c
Size/MD5 checksum: 86392 ae8fc096931982372d6926e2633dbbd2
Size/MD5 checksum: 89260 5508b317689cb6832109c3aed78cb58e
Size/MD5 checksum: 95648 33598476706a7884652666ca2ca1af28
Size/MD5 checksum: 86482 0508b738b4b48b9f0f60f732b1e91d74
Size/MD5 checksum: 95592 1743291eb91467798186579f3aaf1d25
Size/MD5 checksum: 87286 cda968a4ac1f7b4827fd3494334d31b6
Size/MD5 checksum: 86104 e4ed2bb5eb3dd6571bf98ffbbe8042e6
Size/MD5 checksum: 82230 e816404997ed010acc59c6662b483317
Size/MD5 checksum: 103826 abd5c30fc9a5b6f8c5beb50056333688
Size/MD5 checksum: 88752 579a75816591e7c458ad57dbf3c3b32f


These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and https://packages.debian.org/

Severity
It was discovered that GForge, a collaborative development tool,
insufficiently sanitises some input allowing a remote attacker to
perform SQL injection.

Related News

Cryptsetup Lands Support For OPAL Self Encrypting Drives

Aug 21, 2023

Ubuntu Core as an Immutable Linux Desktop Base

Jun 6, 2023

Mirai-based DDoS Attackers Aggressively Adopted New Router Exploits

Oct 10, 2023

What is LEMP Stack?

Sep 8, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo