Linux Security
    Linux Security
    Linux Security

    Debian LTS: DLA-1988-1: ampache security update

    Date
    471
    Posted By
    Several vulnerabilities were discovered in Ampache, a web-based audio file management system.
    Package        : ampache
    Version        : 3.6-rzb2752+dfsg-5+deb8u1
    CVE ID         : CVE-2019-12385 CVE-2019-12386
    
    
    Several vulnerabilities were discovered in Ampache, a web-based audio
    file management system.
    
    CVE-2019-12385
    
        A stored XSS exists in the localplay.php LocalPlay "add instance"
        functionality. The injected code is reflected in the instances menu.
        This vulnerability can be abused to force an admin to create a new
        privileged user whose credentials are known by the attacker.
    
    CVE-2019-12386
    
        The search engine is affected by a SQL Injection, so any user able
        to perform lib/class/search.class.php searches (even guest users)
        can dump any data contained in the database (sessions, hashed
        passwords, etc.). This may lead to a full compromise of admin
        accounts, when combined with the weak password generator algorithm
        used in the lostpassword functionality.
    
    
    For Debian 8 "Jessie", these problems have been fixed in version
    3.6-rzb2752+dfsg-5+deb8u1.
    
    We recommend that you upgrade your ampache packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    

    Advisories

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/38-which-aspect-of-server-security-are-you-most-interested-in-learning-more-about?task=poll.vote&format=json
    38
    radio
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.