Debian: DSA-1698-1: New gforge packages fix SQL injection

    Date09 Jan 2009
    CategoryDebian
    23
    Posted ByLinuxSecurity Advisories
    It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1698-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                          Thijs Kinkhorst
    January 09, 2009                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : gforge
    Vulnerability  : insufficient input sanitising
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2008-2381
    
    It was discovered that GForge, a collaborative development tool,
    insufficiently sanitises some input allowing a remote attacker to
    perform SQL injection.
    
    For the stable distribution (etch), this problem has been fixed in
    version 4.5.14-22etch10.
    
    For the testing (lenny) and unstable distribution (sid), this problem
    has been fixed in version 4.7~rc2-7.
    
    We recommend that you upgrade your gforge package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
        Size/MD5 checksum:  2161141 e85f82eff84ee073f80a2a52dd32c8a5
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9.diff.gz
        Size/MD5 checksum:   199329 6414734bde3d1783cf0e2444132d64ff
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.diff.gz
        Size/MD5 checksum:   199610 73b60a0e768f798d14102b84e44cd9b1
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.dsc
        Size/MD5 checksum:      952 c2252c54ffade219203d006cdc64f91d
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9.dsc
        Size/MD5 checksum:      950 157db49aeacbdbee525e922defce5f16
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    80422 a9b65d4e911add81e36120fbc544f81c
      http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch10_all.deb
        Size/MD5 checksum:   705076 633d26be5fa1f2ade140c7da64fa6e6c
      http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch10_all.deb
        Size/MD5 checksum:   103914 676482196214c4a12639a02521c53a7d
      http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch9_all.deb
        Size/MD5 checksum:   212550 85b6f53b1e4a4ead87d775f11c77b49a
      http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch9_all.deb
        Size/MD5 checksum:   705018 90f3187e48801bb2ec2db79378d2a591
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    76138 243c034e04e560bda6c36bdc9dc7c507
      http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch10_all.deb
        Size/MD5 checksum:   212632 096dd8f5c46723d1380f9a167d6bb376
      http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch9_all.deb
        Size/MD5 checksum:  1010976 9e60171c74bc627e73e062c30e169d7e
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    86194 8bb823343c71101fa959b45765b597b6
      http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    87206 ece177d2a29bad7645fd3814903b2e8b
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    88566 6739e7cb336746e32645ed46f940e39f
      http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch10_all.deb
        Size/MD5 checksum:  1011010 516e5203afff464172b02ffd5c30a89e
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    88670 8562b858d5e691eed636c51ac97575fe
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    88650 ffb7e94dfcde242e63727afcbb5cf541
      http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    80324 a7a10e2bb6da8f71778d39885741d9d6
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    89178 4e859efc65d23de82d8254476467a092
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    76234 7c50c3c5583f68804979efd5adf2992a
      http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    82138 3827dc51c27eeb10707339326e2af17c
      http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    86392 ae8fc096931982372d6926e2633dbbd2
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    89260 5508b317689cb6832109c3aed78cb58e
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    95648 33598476706a7884652666ca2ca1af28
      http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    86482 0508b738b4b48b9f0f60f732b1e91d74
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    95592 1743291eb91467798186579f3aaf1d25
      http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    87286 cda968a4ac1f7b4827fd3494334d31b6
      http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch9_all.deb
        Size/MD5 checksum:    86104 e4ed2bb5eb3dd6571bf98ffbbe8042e6
      http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    82230 e816404997ed010acc59c6662b483317
      http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch9_all.deb
        Size/MD5 checksum:   103826 abd5c30fc9a5b6f8c5beb50056333688
      http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch10_all.deb
        Size/MD5 checksum:    88752 579a75816591e7c458ad57dbf3c3b32f
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"6","type":"x","order":"2","pct":60,"resources":[]},{"id":"86","title":"No","votes":"4","type":"x","order":"3","pct":40,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.