Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-201811-05 Normal: PHProjekt Remote Execution Risk

gentoo
Calendar Grey November 10, 2018
Dist Gentoo Esm H88
Fedora Linux addresses vulnerabilities in Jitsi Meet that enable unauthorized access and denial of service exploits. Discover more!
Multiple vulnerabilities have been found in PHProjekt due to embedded Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands

Summary

Multiple vulnerabilities have been discovered in PHProjekt due to embedded Zend Framework. Please review the GLSA identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory gentoo remote code execution sql injection normal multiple risks phpprojekt

Resolution

Gentoo has discontinued support for PHProjekt and recommends that usersunmerge the package: # emerge --unmerge "www-apps/phprojekt"

References

[ 1 ] GLSA 201804-10 https://security.gentoo.org/glsa/201804-10

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201811-05
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: PHProjekt: Multiple vulnerabilities
Date: November 10, 2018
Bugs: #650936
ID: 201811-05

Topics%20covered

Topics Covered

security advisory gentoo remote code execution sql injection normal multiple risks phpprojekt

Synopsis

Multiple vulnerabilities have been found in PHProjekt due to embedded Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands.

Background

PHProjekt is an application suite that supports communication and management of teams and companies.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/phprojekt <= 6.1.2 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.

Impact

===== Remote attackers could execute arbitrary commands or conduct SQL injection attacks.

Workaround

There is no known workaround at this time.

Your message here