Debian: DSA-4191-1: redmine security update

    Date03 May 2018
    CategoryDebian
    5140
    Posted ByAnthony Pell
    Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4191-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                       Sebastien Delafond
    May 03, 2018                          https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : redmine
    CVE ID         : CVE-2017-15568 CVE-2017-15569 CVE-2017-15570 CVE-2017-15571 
                     CVE-2017-15572 CVE-2017-15573 CVE-2017-15574 CVE-2017-15575 
                     CVE-2017-15576 CVE-2017-15577 CVE-2017-16804 CVE-2017-18026
    Debian Bug     : 882544 882545 882547 882548 887307
    
    Multiple vulnerabilities were discovered in Redmine, a project
    management web application. They could lead to remote code execution,
    information disclosure or cross-site scripting attacks.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 3.3.1-4+deb9u1.
    
    We recommend that you upgrade your redmine packages.
    
    In addition, this message serves as an announcement that security
    support for redmine in the Debian 8 oldstable release (jessie) is now
    discontinued.
    
    Users of redmine in Debian 8 that want security updates are strongly
    encouraged to upgrade now to the current Debian 9 stable release
    (stretch).
    
    For the detailed security status of redmine please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/redmine
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.