Debian: New egroupware packages fix remote command execution

    Date: 10 Jul 2005
    Category: Debian
    Posted By: Joe Shakespeare
    A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA 747-1
    http://www.debian.org/security/                            Michael Stone
    July 10, 2005                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : egroupware
    Vulnerability  : remote command execution
    Problem type   : input validation error
    Debian-specific: no
    CVE Id(s)      : CAN-2005-1921
    
    A vulnerability has been identified in the xmlrpc library included in
    the egroupware package. This vulnerability could lead to the execution
    of arbitrary commands on the server running egroupware.
    
    The old stable distribution (woody) did not include egroupware.
    
    For the current stable distribution (sarge), this problem is fixed in
    version 1.0.0.007-2.dfsg-2sarge1.
    
    For the unstable distribution (sid), this problem is fixed in version
    1.0.0.007-3.dfsg-1.
    
    We recommend that you upgrade your egroupware package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 3.1 (sarge)
    - ------------------
    
      sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
          Size/MD5 checksum: 12699187 462f5ea377c4d0c04f16ffe8037b9d6a
        http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.diff.gz
          Size/MD5 checksum:    33321 2ae91aca7f89d1f3d5f725fa09384ed8
        http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.dsc
          Size/MD5 checksum:     1285 1849e8a4639068df7ac9f8f72272ef86
    
      Architecture independent packages:
    
    
    - -------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main