Debian: DSA-1752-1: New webcit packages fix potential remote code execution

    Date23 Mar 2009
    CategoryDebian
    54
    Posted ByLinuxSecurity Advisories
    Wilfried Goesgens discovered that WebCit, the web-based user interface for the Citadel groupware system, contains a format string vulnerability in the mini_calendar component, possibly allowing arbitrary code execution (CVE-2009-0364).
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1752-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Florian Weimer
    March 23, 2009                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : webcit
    Vulnerability  : format string vulnerability
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-0364
    
    Wilfried Goesgens discovered that WebCit, the web-based user interface
    for the Citadel groupware system, contains a format string
    vulnerability in the mini_calendar component, possibly allowing
    arbitrary code execution (CVE-2009-0364).
    
    For the stable distribution (lenny), this problem has been fixed in
    version 7.37-dfsg-7.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 7.38b-dfsg-2.
    
    We recommend that you upgrade your webcit packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg.orig.tar.gz
        Size/MD5 checksum:  1192317 e3e47149a6553e43694e826f4885ba46
      http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg-7.diff.gz
        Size/MD5 checksum:    18735 f30f31bff85ef9cc40aba5bf5f3c1278
      http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg-7.dsc
        Size/MD5 checksum:     1253 f2b409fdfbde0c38af85070180a4321f
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_alpha.deb
        Size/MD5 checksum:   547908 84e6dfa88008d2c51070803d0af04148
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_amd64.deb
        Size/MD5 checksum:   509426 4e9e9b518be1a1e87cd08d0def32f612
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_arm.deb
        Size/MD5 checksum:   505092 a3027a329b7a17166eddafe66eff5fde
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_armel.deb
        Size/MD5 checksum:   504990 d6df9145a39f0be111667d14528a0a52
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_hppa.deb
        Size/MD5 checksum:   527860 f46e26bac6a926b6b7a28f9f7557077b
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_i386.deb
        Size/MD5 checksum:   496954 43aac6120f334b606edddd9f9a182b44
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_ia64.deb
        Size/MD5 checksum:   605578 2231aac4aaa8ef730485ea8d40c5019b
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_mips.deb
        Size/MD5 checksum:   512552 cc2904da25b4ec9e70d56b63d50e57aa
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_mipsel.deb
        Size/MD5 checksum:   511294 e0e4de0530cb84f0472765fb2bd6b62f
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_powerpc.deb
        Size/MD5 checksum:   522134 a8b1970f336c836884eddb62c614f436
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_s390.deb
        Size/MD5 checksum:   505406 621a33e619037bd739bf45451ef589eb
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_sparc.deb
        Size/MD5 checksum:   507950 1d22cf3b4f1faf910d031acb6504bfae
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.