Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Debian DSA-1945-1 Critical: Gforge Symlink Attack Denial Of Service

------------------------------------------------------------------------
Debian Security Advisory DSA-1945-1
http://www.debian.org/security/
Steffen Joeris
December 03, 2009
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : symlink attack
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2009-3304

Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files.

For the stable distribution (lenny), this problem has been fixed in version 4.7~rc2-7lenny3.

For the oldstable distribution (etch), this problem has been fixed in version 4.5.14-22etch13.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 4.8.2-1.

We recommend that you upgrade your gforge packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Severity: Critical.
LinuxSecurity.com Team

Dec 03, 2009 Critical Debian

Debian Lenny DSA-1937-1 Critical: Gforge Cross-Site Scripting Issue

------------------------------------------------------------------------
Debian Security Advisory DSA-1937-1
http://www.debian.org/security/
Steffen Joeris
November 21, 2009
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-3303

It was discovered that gforge, a collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Besides fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors.

For the stable distribution (lenny), these problems have been fixed in version 4.7~rc2-7lenny2.

For the oldstable distribution (etch), these problems have been fixed in version 4.5.14-22etch12.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 4.8.1-3.

We recommend that you upgrade your gforge packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Severity: Critical.
LinuxSecurity.com Team

Nov 21, 2009 Critical Debian

Debian: DSA-1818-1 Critical: Gforge SQL Injection And XSS

------------------------------------------------------------------------
Debian Security Advisory DSA-1818-1
http://www.debian.org/security/
Steffen Joeris
June 18, 2009
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE ids pending

Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks.

For the stable distribution (lenny), these problems have been fixed in version 4.7~rc2-7lenny1.

For the oldstable distribution (etch), these problems have been fixed in version 4.5.14-22etch11.

For the testing distribution (squeeze), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 4.7.3-2.

We recommend that you upgrade your gforge packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Severity: Critical.
LinuxSecurity.com Team

Jun 18, 2009 Critical Debian

Debian GForge Update: DSA-1698-1 Critical SQL Injection Remediation

------------------------------------------------------------------------
Debian Security Advisory DSA-1698-1
http://www.debian.org/security/
Thijs Kinkhorst
January 09, 2009
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-2381

It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch10.

For the testing (lenny) and unstable distribution (sid), this problem has been fixed in version 4.7~rc2-7.

We recommend that you upgrade your gforge package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Severity: Critical.
LinuxSecurity.com Team

Jan 09, 2009 Critical Debian

Debian 4.0 DSA-1577-1 Critical: GForge Insecure Temporary Files

------------------------------------------------------------------------
Debian Security Advisory DSA-1577-1
http://www.debian.org/security/
Thijs Kinkhorst
May 14, 2008
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-0167

Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch8.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your gforge package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Severity: Critical.
LinuxSecurity.com Team

May 14, 2008 Critical Debian

Debian: DSA-5001-1 Moderate: GForge Vulnerability in Cross Site Scripting

------------------------------------------------------------------------
Debian Security Advisory DSA-1475-1
http://www.debian.org/security/
Thijs Kinkhorst
January 26, 2008
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-0176

José Ramón Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch5.

The old stable distribution (sarge) is not affected by this problem.

For the unstable distribution (sid) this problem has been fixed in version 4.6.99+svn6347-1.

We recommend that you upgrade your gforge package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

LinuxSecurity.com Team

Jan 26, 2008 Debian

Debian: DSA-1459-1 Moderate: Gforge SQL Injection Vulnerability Alert

------------------------------------------------------------------------
Debian Security Advisory DSA-1459-1
http://www.debian.org/security/
Thijs Kinkhorst
January 13, 2008
http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insufficient input validation
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2008-0173

It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch4.

For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5.

For the unstable distribution (sid), this problem has been fixed in version 4.6.99+svn6330-1.

We recommend that you upgrade your gforge packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (oldstable)
----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Debian 4.0 (stable)
-------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Severity: Important.
LinuxSecurity.com Team

Jan 13, 2008 Important Debian

Debian: DSA-1402-1 Moderate: Gforge Local File Security Risk

------------------------------------------------------------------------
Debian Security Advisory DSA-1402-1
http://www.debian.org/security/                               Steve Kemp
November 07, 2007                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : gforge
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-3921

Steve Kemp from the Debian Security Audit project discovered that gforge, a collaborative development tool, used temporary files insecurely which could allow local users to truncate files upon the system with the privileges of the gforge user, or create a denial of service attack.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch3.

For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge4.

We recommend that you upgrade your gforge package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Updated packages (source archives and architecture independent packages) are provided for Debian GNU/Linux 3.1 alias sarge and Debian GNU/Linux 4.0 alias etch.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Recent gforge updates in Debian address local file vulnerabilities and possible Denial of Service risks. Users should upgrade promptly.

Gforge Security Fix, Debian Advisory, Local File Security, Denial of Service Risk.

Severity: Important.

LinuxSecurity.com Team

Nov 07, 2007 Important Debian