What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-4516
2015-03-26 16:36:46
--------------------------------------------------------------------------------

Name        : glpi
Product     : Fedora 20
Version     : 0.84.8
Release     : 4.fc20
URL         : https://www.glpi-project.org/
Summary     : Free IT asset management software
Description :
GLPI is the Information Resource-Manager with an additional Administration-
Interface. You can use it to build up a database with an inventory for your
company (computer, software, printers...). It has enhanced functions to make
the daily life for the administrators easier, like a job-tracking-system with
mail-notification and methods to build a database with basic information
about your network-topology.

--------------------------------------------------------------------------------
Update Information:

* Fix privilege escalation via user creation with a crafted POST request

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2015 Remi Collet  - 0.84.8-4
- add security fix * Mon Dec 22 2014 Remi Collet  - 0.84.8-3
- fix SQL Injection CVE-2014-9258
* Fri Nov  7 2014 Remi Collet  - 0.84.8-2
- use httpd_var_lib_t selinux context for /var/lib/glpi
- don't rely on system selinux policy in EPEL-7
- fix apache configuration when mod_php not enabled
* Fri Oct 17 2014 Remi Collet  - 0.84.8-1
- update to 0.84.8
  - rely on system SELinux policy (Fedora >= 20, EPEL-7)
* Fri Jul 11 2014 Remi Collet  - 0.84.7-1
- update to 0.84.7
  * Wed Jun 18 2014 Remi Collet  - 0.84.6-1
- update to 0.84.6
  * Wed Feb 26 2014 Remi Collet  - 0.84.5-1
- update to 0.84.5
  * Wed Jan 22 2014 Remi Collet  - 0.84.4-1
- update to 0.84.4
  * Tue Jan 21 2014 Remi Collet  - 0.84.3-2
- fix SELinux context #1032995
  use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1194196 - glpi: privilege escalation via user creation with a crafted POST request
        https://bugzilla.redhat.com/show_bug.cgi?id=1194196
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update glpi' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 20: glpi Security Update

April 5, 2015
* Fix privilege escalation via user creation with a crafted POST request

Summary

GLPI is the Information Resource-Manager with an additional Administration-

Interface. You can use it to build up a database with an inventory for your

company (computer, software, printers...). It has enhanced functions to make

the daily life for the administrators easier, like a job-tracking-system with

mail-notification and methods to build a database with basic information

about your network-topology.

Update Information:

* Fix privilege escalation via user creation with a crafted POST request

Change Log

* Tue Mar 24 2015 Remi Collet - 0.84.8-4 - add security fix * Mon Dec 22 2014 Remi Collet - 0.84.8-3 - fix SQL Injection CVE-2014-9258 * Fri Nov 7 2014 Remi Collet - 0.84.8-2 - use httpd_var_lib_t selinux context for /var/lib/glpi - don't rely on system selinux policy in EPEL-7 - fix apache configuration when mod_php not enabled * Fri Oct 17 2014 Remi Collet - 0.84.8-1 - update to 0.84.8 - rely on system SELinux policy (Fedora >= 20, EPEL-7) * Fri Jul 11 2014 Remi Collet - 0.84.7-1 - update to 0.84.7 * Wed Jun 18 2014 Remi Collet - 0.84.6-1 - update to 0.84.6 * Wed Feb 26 2014 Remi Collet - 0.84.5-1 - update to 0.84.5 * Wed Jan 22 2014 Remi Collet - 0.84.4-1 - update to 0.84.4 * Tue Jan 21 2014 Remi Collet - 0.84.3-2 - fix SELinux context #1032995 use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t

References

[ 1 ] Bug #1194196 - glpi: privilege escalation via user creation with a crafted POST request https://bugzilla.redhat.com/show_bug.cgi?id=1194196

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update glpi' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : glpi
Product : Fedora 20
Version : 0.84.8
Release : 4.fc20
URL : https://www.glpi-project.org/
Summary : Free IT asset management software

Related News

Nearly 40% of Ubuntu Users Vulnerable to New Privilege Escalation Flaws

Aug 3, 2023

PHP Vuln Threatens Confidentiality of Impacted Systems

May 11, 2023

Remotely Exploitable DoS, Request Smuggling Netty Vulns Fixed

May 4, 2023

A New Privilege Escalation Vulnerability in the Linux Kernel, Enables a Local Attacker to Execute Malware on Vulnerable Systems

Jan 17, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo