Several security issues were fixed in SPIP.
Software Description:
- spip: website engine for publishing
Details:
Youssouf Boulouiz discovered that SPIP incorrectly handled login error
messages. A remote attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2019-16392)
Gilles Vincent discovered that SPIP incorrectly handled password reset
requests. A remote attacker could possibly use this issue to cause SPIP to
enumerate registered users. (CVE-2019-16394)
Guillaume Fahrner discovered that SPIP did not properly sanitize input. A
remote authenticated attacker could possibly use this issue to execute
arbitrary code on the host server. (CVE-2019-11071)
Sylvain Lefevre discovered that SPIP incorrectly handled user
authorization. A remote attacker could possibly use this issue to modify
and publish content and modify the database. (CVE-2019-16391)
It was discovered that SPIP did not properly sanitize input. A remote
at...
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: spip 3.1.4-4~deb9u3build0.18.04.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4536-1
CVE-2017-15736, CVE-2019-11071, CVE-2019-16391, CVE-2019-16392,
CVE-2019-16393, CVE-2019-16394, CVE-2019-19830
Get the latest Linux and open source security news straight to your inbox.