Collabtive could be made to run programs if it received
specially crafted network traffic from an authenticated user.
Software Description:
- collabtive: Web-based project management software
Details:
It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: collabtive 2.0+dfsg-6ubuntu1.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4590-1
CVE-2015-0258
Get the latest Linux and open source security news straight to your inbox.