Debian: DSA-1978-1: New phpgroupware packages fix several vulnerabilities

    Date: 26 Jan 2010
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1978-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    January 26, 2010                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : phpgroupware
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2009-4414 CVE-2009-4415 CVE-2009-4416
    
    Several remote vulnerabilities have been discovered in phpgroupware, a
    Web based groupware system written in PHP. The Common Vulnerabilities 
    and Exposures project identifies the following problems:
    
    CVE-2009-4414
    
        An SQL injection vulnerability was found in the authentication
        module.
    
    CVE-2009-4415
    
        Multiple directory traversal vulnerabilities were found in the
        addressbook module.
    
    CVE-2009-4416
    
        The authentication module is affected by cross-site scripting.
    
    
    For the stable distribution (lenny) these problems have been fixed in
    version 0.9.16.012+dfsg-8+lenny1.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.9.16.012+dfsg-9.
    
    We recommend that you upgrade your phpgroupware packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz
        Size/MD5 checksum: 19383160 bbfcfa12aca69b4032d7b4d38aeba85f
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.diff.gz
        Size/MD5 checksum:    70541 fc805ae50cd52606578ed95e8a5bde96
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.dsc
        Size/MD5 checksum:     1662 0507c4e0a6be1d93a060a7c6222c84c0
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:  1167526 b7d47f4df02c98e3269fd2b8bce094f4
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    48252 80a0c4bf563e576fbad0b023fcca2f4b
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   268338 acdc243f1b2cbcea42a548408232657d
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   180662 e0835bac92df72541b52912e80e1e852
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    22380 c12295c8f5f4abdf2f9d8c94ceefe4a1
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    41572 d21d4ab4ce6adbb23a46a21fd0dd67cb
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    93094 dc2bcd999a4a97a0acb8a0a9b156ea03
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    95206 0faba6d54c83ac610d11a256a12eec67
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:  1522130 c4ff77bb7c80222b04ccdb130f5d2db6
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    60034 b7b86ca86b431dbd7b637506db451196
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    20228 5563f9a3d9b4835b2c89cb1ba571b23f
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:     4546 de306e6062f710d430704297106f192e
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   192062 0427388ce20eb307946c6272856313b7
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    33356 700f8d5a2b8fff7b03f464259f912ddb
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   130988 230362e560b03abda388bb0964516d6c
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:  7984748 82aff1fbf1f337ad876dd63be9914102
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:   276764 6c743b8fcfbdfa313086264ccee8a7fd
      http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny1_all.deb
        Size/MD5 checksum:    50716 6c7c8523a8e03e94a9211efccb337dd0
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and http://packages.debian.org/
    