Debian LTS: DLA-1988-1: ampache security update

    Date11 Nov 2019
    CategoryDebian LTS
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities were discovered in Ampache, a web-based audio file management system.
    Package        : ampache
    Version        : 3.6-rzb2752+dfsg-5+deb8u1
    CVE ID         : CVE-2019-12385 CVE-2019-12386
    Several vulnerabilities were discovered in Ampache, a web-based audio
    file management system.
        A stored XSS exists in the localplay.php LocalPlay "add instance"
        functionality. The injected code is reflected in the instances menu.
        This vulnerability can be abused to force an admin to create a new
        privileged user whose credentials are known by the attacker.
        The search engine is affected by a SQL Injection, so any user able
        to perform lib/class/search.class.php searches (even guest users)
        can dump any data contained in the database (sessions, hashed
        passwords, etc.). This may lead to a full compromise of admin
        accounts, when combined with the weak password generator algorithm
        used in the lostpassword functionality.
    For Debian 8 "Jessie", these problems have been fixed in version
    We recommend that you upgrade your ampache packages.
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at:
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"5","type":"x","order":"1","pct":100,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.