Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 20 - FEDORA-2015-4516 Moderate: GLPI Privilege Escalation Fix

fedora
Calendar Grey April 5, 2015
Dist Fedora Esm H88
The patch resolves a significant vulnerability linked to privilege elevation in glpi, enhancing the protection of Ubuntu 18 systems.
* Fix privilege escalation via user creation with a crafted POST request

Summary

GLPI is the Information Resource-Manager with an additional Administration-

Interface. You can use it to build up a database with an inventory for your

company (computer, software, printers...). It has enhanced functions to make

the daily life for the administrators easier, like a job-tracking-system with

mail-notification and methods to build a database with basic information

about your network-topology.

Update Information:

* Fix privilege escalation via user creation with a crafted POST request

Topics%20covered

Topics Covered

security advisory software update Fedora privilege escalation security fix GLPI

Change Log

* Tue Mar 24 2015 Remi Collet - 0.84.8-4 - add security fix * Mon Dec 22 2014 Remi Collet - 0.84.8-3 - fix SQL Injection CVE-2014-9258 * Fri Nov 7 2014 Remi Collet - 0.84.8-2 - use httpd_var_lib_t selinux context for /var/lib/glpi - don't rely on system selinux policy in EPEL-7 - fix apache configuration when mod_php not enabled * Fri Oct 17 2014 Remi Collet - 0.84.8-1 - update to 0.84.8 - rely on system SELinux policy (Fedora >= 20, EPEL-7) * Fri Jul 11 2014 Remi Collet - 0.84.7-1 - update to 0.84.7 * Wed Jun 18 2014 Remi Collet - 0.84.6-1 - update to 0.84.6 * Wed Feb 26 2014 Remi Collet - 0.84.5-1 - update to 0.84.5 * Wed Jan 22 2014 Remi Collet - 0.84.4-1 - update to 0.84.4 * Tue Jan 21 2014 Remi Collet - 0.84.3-2 - fix SELinux context #1032995 use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t

References


[ 1 ] Bug #1194196 - glpi: privilege escalation via user creation with a crafted POST request https://bugzilla.redhat.com/show_bug.cgi?id=1194196

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update glpi' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: glpi
Product: Fedora 20
Version: 0.84.8
Release: 4.fc20
URL: https://www.glpi-project.org/en/
Summary: Free IT asset management software

Topics%20covered

Topics Covered

security advisory software update Fedora privilege escalation security fix GLPI

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here