Several vulnerabilities were discovered in Ampache, a web-based audio file management system.
Package : ampache
Version : 3.6-rzb2752+dfsg-5+deb8u1
CVE ID : CVE-2019-12385 CVE-2019-12386
CVE-2019-12385
A stored XSS exists in the localplay.php LocalPlay "add instance"
functionality. The injected code is reflected in the instances menu.
This vulnerability can be abused to force an admin to create a new
privileged user whose credentials are known by the attacker.
CVE-2019-12386
The search engine is affected by a SQL Injection, so any user able
to perform lib/class/search.class.php searches (even guest users)
can dump any data contained in the database (sessions, hashed
passwords, etc.). This may lead to a full compromise of admin
accounts, when combined with the weak password generator algorithm
used in the lostpassword functionality.
For Debian 8 "Jessie", these problems have been fixed in version
3.6-rzb2752+dfsg-5+deb8u1.
We recommend that you upgrade your ampache packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Copyright 2019 Guardian Digital, Inc. All rights reserved.