Linux Security
Linux Security
Linux Security

Debian: phpgroupware multiple vulnerabilities DSA-365-1

Date 06 Aug 2003
3215
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in phpgroupware.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 365-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
https://www.debian.org/security/                             Matt Zimmerman
August 5th, 2003                         https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0504, CAN-2003-0599, CAN-2003-0657

Several vulnerabilities have been discovered in phpgroupware:

- - CAN-2003-0504: Multiple cross-site scripting (XSS) vulnerabilities
  in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to
  insert arbitrary HTML or web script, as demonstrated with a request
  to index.php in the addressbook module.

- - CAN-2003-0599: Unknown vulnerability in the Virtual File System
  (VFS) capability for phpGroupWare 0.9.16preRC and versions before
  0.9.14.004 with unknown implications, related to the VFS path being
  under the web document root.

- - CAN-2003-0657: Multiple SQL injection vulnerabilities in the infolog
  module of phpgroupware could allow remote attackers to execute
  arbitrary SQL statements.

For the stable distribution (woody), these problems have been fixed in
version 0.9.14-0.RC3.2.woody2.

For the unstable distribution (sid), these problems will be fixed
soon.  Refer to Debian bug #201980.

We recommend that you update your phpgroupware package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2.dsc
      Size/MD5 checksum:     1648 93a22cf33766d0da16e471ce32c7f213
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2.diff.gz
      Size/MD5 checksum:   450742 fb1dc330a0811f186c1e03bc91c20ce7
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14.orig.tar.gz
      Size/MD5 checksum:  8356188 22e715d0884d09aa848d694701a85b6b

  Architecture independent components:

     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    78752 d825eaa68b15d1c7d7f67c9365ac7c48
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   142068 c7a17b0e79a8b4d5a4792df7f5f11241
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api-doc_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   283128 3b037f7a52c34a89ff70734746983fee
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:  2112084 ac91891afd802b09fdc00be19cbd6088
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookkeeping_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    40128 e118ec41df6369ce6315584d11c2d37b
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   121132 ef1b1ab9cb60201e8c3735a913967242
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-brewer_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    63446 c17d2fe4803b325f83c4ffbcdf2d291d
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   223392 f20a9d4ea0f0b25312139a981d745d75
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    18964 1c2a1ee3ff2a21148e791b0cd19ca8a3
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chora_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    59788 ab5a2baa28d1ab14f7129ce656649b44
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   326248 7c4e63e419dd152886a92c5c09d5b3ab
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core-doc_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    89112 a0e6a3c0c7ecf74cc244924d2ecf4f55
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    18902 35099021465ab7ebb2b7ee760e6b70f4
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    40780 151e36e027b09e2ae2978a8fc8ebb628
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    45410 48471bd170e7b5ee355925264b77eb4f
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    47028 a27eb8411e2d41e8f18d6a9af0a864de
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   313264 626a400affcfcd69e4ee9450d09f2a0c
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    37432 fef58c4c16d52f85c9992d1c97d2df7d
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    47750 0b387b72c9e3d8515ca1dd628e9deff3
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    39450 eb0b97624c8cd153273f4b49560eb17b
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    59416 9d524b292991a8f7340300572f1a5efc
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    23774 9bf313b7b7e411ccbfecbcb5a6befed7
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    38654 af5425ba4df22d7bd089bc5e19721a7b
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    92774 dec62996133857d906fe5c7b7f7bb026
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-inv_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    89368 d680c096b16299f7f37b9b87adb21bb8
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    92564 5ea8b1fd199767f7c37f1dc28c13962f
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    29702 e30218b43262f531bbdd76123af55e24
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-napster_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    26126 b3777f397897fc821dc4031075afc5ff
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    31534 2cbeb9e702f9082beae4e70069cfd541
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    44502 5ee3c873c1497dbf6443611b8d7c195a
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    27194 38155a1f43abdaee60edb232c938e781
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    21706 aaabc4a558f38ef95219ba2cbdca72b9
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    34984 a6a24cf61f28f903b26f21d5579e62b5
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpwebhosting_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    61690 2789e986ec5553158bcfa061f439a016
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    29644 8915e9e52820c03d53c3abcd90fdd8e1
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    45586 170eaa764caed9fd4df57fbef1f08a8c
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    86298 000b2cb49d1befdd8c5d224a2e6a80d0
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    35896 b2f0aad62202ed20be87f58e2f308483
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   272394 9b4cbea2aa72d25aa39f66283d9cca9a
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    30894 2ed102a96f56e4ad712c457eba20cc3f
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    22530 18261fb8b7e3edb8954db7fe2f9188a5
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    26644 c253f429544d85128f18c5b5f78683d7
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    43124 1d526e61157760f0363f230fede803ee
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    46140 9f7147cb2da079c4e15343ae7044c9f2
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wap_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    27570 3f10b7ce2ea59162bbe48de3a6ba5a14
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-weather_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:   498274 9cdf6321099ce4870fe2f70ae722986a
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    74426 50076afe3bd152ae3c8282f2f795b6ae
     https://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2_all.deb
      Size/MD5 checksum:    25652 5dc38752cd0a47e16a213de78524e1de

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  https://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and  https://packages.debian.org/

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"47","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"7","type":"x","order":"2","pct":11.86,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.47,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.