Several security issues were fixed in redmine.
Software Description:
- redmine: flexible project management web application
Details:
It was discovered that Redmine incorrectly handle certain inputs that could
cause textile formatting errors. An attacker could possibly use this issue to
cause a XSS attack. (CVE-2019-17427)
It was discovered that an SQL injection could allow users to access protected
information via a crafted object query. (CVE-2019-18890)
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: redmine 4.0.1-2ubuntu0.1 redmine-mysql 4.0.1-2ubuntu0.1 redmine-pgsql 4.0.1-2ubuntu0.1 redmine-sqlite 4.0.1-2ubuntu0.1 Ubuntu 18.04 LTS: redmine 3.4.4-1ubuntu0.1 redmine-mysql 3.4.4-1ubuntu0.1 redmine-pgsql 3.4.4-1ubuntu0.1 redmine-sqlite 3.4.4-1ubuntu0.1 Ubuntu 16.04 LTS: redmine 3.2.1-2ubuntu0.2 redmine-mysql 3.2.1-2ubuntu0.2 redmine-pgsql 3.2.1-2ubuntu0.2 redmine-sqlite 3.2.1-2ubuntu0.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4200-1
CVE-2019-17427, CVE-2019-18890
Get the latest Linux and open source security news straight to your inbox.