Linux Security

    Debian: New phpbb2 packages fix several vulnerabilities

    Several remote vulnerabilities have been discovered in phpBB, a web based bulletin board. Private messaging allowed cross site request forgery, making it possible to delete all private messages of a user by sending them to a crafted web page.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA-1488-1
    https://www.debian.org/security/                          Thijs Kinkhorst
    February 09, 2008                     https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : phpbb2
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2006-4758 CVE-2006-6839 CVE-2006-6840 CVE-2006-6508 CVE-2006-6841 CVE-2008-0471
    Debian Bug     : 388120 405980 463589
    
    Several remote vulnerabilities have been discovered in phpBB, a web
    based bulletin board.
    
    The Common Vulnerabilities and Exposures project identifies the
    following problems:
    
    CVE-2008-0471
    
    	Private messaging allowed cross site request forgery, making
    	it possible to delete all private messages of a user by sending
    	them to a crafted web page.
    
    CVE-2006-6841 / CVE-2006-6508
    
    	Cross site request forgery enabled an attacker to perform various
    	actions on behalf of a logged in user. (Applies to sarge only)
    
    CVE-2006-6840
    
    	A negative start parameter could allow an attacker to create
    	invalid output. (Applies to sarge only)
    
    CVE-2006-6839
    
    	Redirection targets were not fully checked, leaving room for
    	unauthorised external redirections via a phpBB forum.
    	(Applies to sarge only)
    
    CVE-2006-4758
    
    	An authenticated forum administrator may upload files of any
    	type by using specially crafted filenames. (Applies to sarge only)
    
    
    For the stable distribution (etch), these problems have been fixed
    in version 2.0.21-7.
    
    For the old stable distribution (sarge), these problems have been
    fixed in version 2.0.13+1-6sarge4.
    
    For the unstable distribution (sid) these problems have been fixed
    in version 2.0.22-3.
    
    We recommend that you upgrade your phpbb2 package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge4.diff.gz
        Size/MD5 checksum:    67912 c403597d08f4c5af0f62b84c5ee72a7e
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1.orig.tar.gz
        Size/MD5 checksum:  3340445 678d0cb0372e46402a472c510fb90d78
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge4.dsc
        Size/MD5 checksum:     1011 d5ca94a7a4c2b3468428a993a1dbc5cc
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.13-6sarge4_all.deb
        Size/MD5 checksum:    37766 f0df2114bd60d9b84fbda1d241294fdd
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13-6sarge4_all.deb
        Size/MD5 checksum:   526154 944e55e056fc34d970e95b78201589fe
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.13-6sarge4_all.deb
        Size/MD5 checksum:  2868920 f10c4962035ede6e02417b8098efeda0
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21-7.dsc
        Size/MD5 checksum:     1051 88ad3a4f2ee714cce779873b53ebd323
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21.orig.tar.gz
        Size/MD5 checksum:  3203456 30383a9bf6c5d21736e4bdf9ec7852d5
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21-7.diff.gz
        Size/MD5 checksum:    90580 896f80500e90867741c516e57fc8bfcc
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.21-7_all.deb
        Size/MD5 checksum:  2791410 afd8a0fe8138c8a5cf00a3e4ac10ac59
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21-7_all.deb
        Size/MD5 checksum:   554842 e8825ef3431bfe7ccf72f9f59f13a119
      https://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.21-7_all.deb
        Size/MD5 checksum:    53706 49baf96bcc1c273a93e8bb5169dca722
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
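
The check to run between `wget` and `dpkg -i`, as an added example that is not part of the advisory: it reads URL / "Size/MD5 checksum" line pairs in the layout used above and compares each downloaded file's size and MD5 before anything is installed. The function names, the `example.invalid` URL and the sample file are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify downloads against "Size/MD5 checksum" manifest entries.

# verify_entry FILE SIZE MD5 -> 0 if both match, 1 on mismatch, 2 if missing.
verify_entry() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    got_size=$(wc -c < "$file" | tr -d ' ')
    got_md5=$(md5sum "$file" | awk '{print $1}')
    [ "$got_size" = "$want_size" ] || { echo "size mismatch: $file" >&2; return 1; }
    [ "$got_md5" = "$want_md5" ] || { echo "md5 mismatch: $file" >&2; return 1; }
}

# verify_manifest MANIFEST DIR -> exit status is the number of failed entries.
# MANIFEST holds line pairs in the advisory's layout: a URL line, then a
# "Size/MD5 checksum: <size> <md5>" line; the file is looked up as
# DIR/<last path component of the URL>.
verify_manifest() {
    manifest=$1; dir=$2; failures=0; name=
    while IFS= read -r line; do
        case $line in
            *://*)
                name=${line##*/}; name=${name%%[[:space:]]*} ;;
            *"Size/MD5 checksum:"*)
                set -- ${line#*checksum:}   # word-split into size and md5
                verify_entry "$dir/$name" "$1" "$2" || failures=$((failures + 1))
                name= ;;
        esac
    done < "$manifest"
    return "$failures"
}

# Constructed sample: a stand-in file plus a manifest generated from it, then
# the same file after modification. Prints "<untouched result> <modified result>".
demo() {
    tmp=$(mktemp -d) || return 2
    pkg="$tmp/sample_1.0_all.deb"          # placeholder name, not a real package
    printf 'constructed package bytes\n' > "$pkg"
    size=$(wc -c < "$pkg" | tr -d ' ')
    md5=$(md5sum "$pkg" | awk '{print $1}')
    printf '  https://example.invalid/pool/sample_1.0_all.deb\n    Size/MD5 checksum: %8s %s\n' \
        "$size" "$md5" > "$tmp/manifest.txt"
    ok=0;  verify_manifest "$tmp/manifest.txt" "$tmp" || ok=$?
    printf 'tampered\n' >> "$pkg"
    bad=0; verify_manifest "$tmp/manifest.txt" "$tmp" 2>/dev/null || bad=$?
    rm -rf "$tmp"
    echo "$ok $bad"                        # prints "0 1"
}
```

To use it, paste one release's file list into a text file and run `verify_manifest manifest.txt /path/to/downloads`; a non-zero exit status means at least one file should not be passed to `dpkg -i`.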