Debian LTS: DLA-1988-1: ampache security update

    Date 11 Nov 2019
    403
    Posted By LinuxSecurity Advisories
    Several vulnerabilities were discovered in Ampache, a web-based audio file management system.
    Package        : ampache
    Version        : 3.6-rzb2752+dfsg-5+deb8u1
    CVE ID         : CVE-2019-12385 CVE-2019-12386
    
    
    Several vulnerabilities were discovered in Ampache, a web-based audio
    file management system.
    
    CVE-2019-12385
    
        A stored XSS exists in the localplay.php LocalPlay "add instance"
        functionality. The injected code is reflected in the instances menu.
        This vulnerability can be abused to force an admin to create a new
        privileged user whose credentials are known by the attacker.
    
    CVE-2019-12386
    
        The search engine is affected by a SQL Injection, so any user able
        to perform lib/class/search.class.php searches (even guest users)
        can dump any data contained in the database (sessions, hashed
        passwords, etc.). This may lead to a full compromise of admin
        accounts, when combined with the weak password generator algorithm
        used in the lostpassword functionality.
    
    
    For Debian 8 "Jessie", these problems have been fixed in version
    3.6-rzb2752+dfsg-5+deb8u1.
    
    We recommend that you upgrade your ampache packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/31-are-you-considering-making-the-switch-to-purism-s-new-librem-14-linux-laptop-to-improve-your-security-and-privacy-online?task=poll.vote&format=json
    31
    radio
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"2","type":"x","order":"1","pct":40,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"2","type":"x","order":"2","pct":40,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":20,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.