Debian: New packages fix remote command execution in phpgroupware

    Date: 13 Jul 2005
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA 746-1
    http://www.debian.org/security/                            Michael Stone
    July 13, 2005                         http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : phpgroupware
    Vulnerability  : remote command execution
    Problem type   : input validation error
    Debian-specific: no
    CVE Id(s)      : CAN-2005-1921
    
    A vulnerability had been identified in the xmlrpc library included with
    phpgroupware, a web-based application including email, calendar and
    other groupware functionality. This vulnerability could lead to the
    execution of arbitrary commands on the server running phpgroupware.
    
    The security team is continuing to investigate the version of
    phpgroupware included with the old stable distribution (sarge). At this
    time we recommend disabling phpgroupware or upgrading to the current
    stable distribution (sarge).
    
    For the current stable distribution (sarge) this problem has been fixed
    in version 0.9.16.005-3.sarge0.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 0.9.16.006-1.
    
    We recommend that you upgrade your phpgroupware package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
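
One way to check a downloaded file against the "Size/MD5 checksum" entry the advisory lists for it before running dpkg -i. This is an added example, not part of DSA 746-1; the function names, the sample file and the example.org URL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Names and sample data are constructed.

# expected_for LISTING NAME: print "size md5" as listed for the file NAME,
# or nothing if the listing has no URL ending in NAME.
expected_for() {
    awk -v want="$2" '
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); name = p[n]; next }
        index($0, "Size/MD5 checksum:") && name == want { print $(NF-1), $NF; exit }
    ' "$1"
}

# verify_pkg LISTING FILE: 0 = size and MD5 match, 1 = mismatch, 2 = not listed.
verify_pkg() {
    listing=$1
    file=$2
    exp=$(expected_for "$listing" "$(basename "$file")")
    [ -n "$exp" ] || { echo "not listed in advisory: $file" >&2; return 2; }
    exp_size=${exp% *}
    exp_md5=${exp#* }
    act_size=$(wc -c < "$file" | tr -d ' ')
    act_md5=$(md5sum "$file" | cut -d' ' -f1)
    [ "$act_size" = "$exp_size" ] && [ "$act_md5" = "$exp_md5" ] && return 0
    echo "MISMATCH for $file: got $act_size $act_md5, expected $exp" >&2
    return 1
}

# Constructed sample (not a real package): a 3-byte file plus a listing in the
# advisory's layout. 900150983cd24fb0d6963f7d28e17f72 is the MD5 of "abc".
make_sample() {
    printf 'abc' > "$1/example_1.0_all.deb"
    cat > "$1/listing.txt" <<'EOF'
    http://security.example.org/pool/example_1.0_all.deb
      Size/MD5 checksum:        3 900150983cd24fb0d6963f7d28e17f72
EOF
}

# Typical use, with the advisory text saved as advisory.txt:
#   verify_pkg advisory.txt file.deb && dpkg -i file.deb
```

The check is only as trustworthy as the copy of the advisory the listing was taken from.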
    
    
    Debian 3.1 (sarge)
    ------------------
    
      sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0.dsc
          Size/MD5 checksum:     1665 6b60af214470336fb8dd24d029ab6326
        http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0.diff.gz
          Size/MD5 checksum:    31814 f9f0fdb982212255037d4129736e7c21
        http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
          Size/MD5 checksum: 19442629 5edd5518e8f77174c12844f9cfad6ac4
    
      Architecture independent packages:
    
    
    -------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    