Linux Security
    Linux Security
    Linux Security

    Debian: DSA-1978-1: New phpgroupware packages fix several vulnerabilities

    Date
    117
    Posted By
    Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1978-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                       Moritz Muehlenhoff
    January 26, 2010                      https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : phpgroupware
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2009-4414 CVE-2009-4415 CVE-2009-4416
    
    Several remote vulnerabilities have been discovered in phpgroupware, a
    Web based groupware system written in PHP. The Common Vulnerabilities 
    and Exposures project identifies the following problems:
    
    CVE-2009-4414
    
        An SQL injection vulnerability was found in the authentication
        module.
    
    CVE-2009-4415
    
        Multiple directory traversal vulnerabilities were found in the
        addressbook module.
    
    CVE-2009-4416
    
        The authentication module is affected by cross-site scripting.
    
    
    For the stable distribution (lenny) these problems have been fixed in
    version 0.9.16.012+dfsg-8+lenny1.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.9.16.012+dfsg-9.
    
    We recommend that you upgrade your phpgroupware packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz
        Size/MD5 checksum: 19383160 bbfcfa12aca69b4032d7b4d38aeba85f
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.diff.gz
        Size/MD5 checksum:    70541 fc805ae50cd52606578ed95e8a5bde96
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.dsc
        Size/MD5 checksum:     1662 0507c4e0a6be1d93a060a7c6222c84c0
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:  1167526 b7d47f4df02c98e3269fd2b8bce094f4
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    48252 80a0c4bf563e576fbad0b023fcca2f4b
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   268338 acdc243f1b2cbcea42a548408232657d
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   180662 e0835bac92df72541b52912e80e1e852
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    22380 c12295c8f5f4abdf2f9d8c94ceefe4a1
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    41572 d21d4ab4ce6adbb23a46a21fd0dd67cb
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    93094 dc2bcd999a4a97a0acb8a0a9b156ea03
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    95206 0faba6d54c83ac610d11a256a12eec67
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:  1522130 c4ff77bb7c80222b04ccdb130f5d2db6
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    60034 b7b86ca86b431dbd7b637506db451196
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    20228 5563f9a3d9b4835b2c89cb1ba571b23f
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:     4546 de306e6062f710d430704297106f192e
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   192062 0427388ce20eb307946c6272856313b7
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    33356 700f8d5a2b8fff7b03f464259f912ddb
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   130988 230362e560b03abda388bb0964516d6c
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:  7984748 82aff1fbf1f337ad876dd63be9914102
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   276764 6c743b8fcfbdfa313086264ccee8a7fd
      https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    50716 6c7c8523a8e03e94a9211efccb337dd0
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and https://packages.debian.org/
    

    LinuxSecurity Poll

    Which statement best describes how you feel about the recent Linux 5.9 release?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/40-what-change-are-you-most-excited-about-in-linux-5-9?task=poll.vote&format=json
    40
    radio
    [{"id":"140","title":"Not a game-changer for me.","votes":"2","type":"x","order":"1","pct":18.18,"resources":[]},{"id":"141","title":"I'm happy with the performance improvements it offers.","votes":"9","type":"x","order":"2","pct":81.82,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.