
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian: DSA-2046-1 Critical: phpgroupware Remote Code Execution Attack

Debian Security Advisory DSA-2046-1
http://www.debian.org/security/
Giuseppe Iuculano
May 13, 2010
http://www.debian.org/security/faq

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2010-0403 CVE-2010-0404

Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-0403
    A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files.

CVE-2010-0404
    Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands.

For the stable distribution (lenny), these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny2

For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your phpgroupware package.

Upgrade instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Networking problems in phpgroups demand immediate resolutions. Update advised for protection.
phpgroupware Remote Attack, Debian Security Advisory, Phpgroupware Upgrade.
Severity: Critical. LinuxSecurity.com Team

May 13, 2010 Critical Debian

Debian 5.0 Lenny DSA-1978-1 High Risk: phpGroupWare Remote Issues

Debian Security Advisory DSA-1978-1
http://www.debian.org/security/
Moritz Muehlenhoff
January 26, 2010
http://www.debian.org/security/faq

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2009-4414 CVE-2009-4415 CVE-2009-4416

Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4414
    An SQL injection vulnerability was found in the authentication module.

CVE-2009-4415
    Multiple directory traversal vulnerabilities were found in the addressbook module.

CVE-2009-4416
    The authentication module is affected by cross-site scripting.

For the stable distribution (lenny) these problems have been fixed in version 0.9.16.012+dfsg-8+lenny1.

For the unstable distribution (sid) these problems have been fixed in version 0.9.16.012+dfsg-9.

We recommend that you upgrade your phpgroupware packages.

Upgrade instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Addressed remote security flaws in phpgroupware. Users are advised to update for improved protection and performance.
phpgroupware vulnerabilities, Debian advisory, remote exploit fixes, package updates.
Severity: Important. LinuxSecurity.com Team

Jan 26, 2010 Important Debian

Debian: DSA 1063-1 Critical: Phpgroupware Input Sanitization Exploit

Updated package.

Debian Security Advisory DSA 1063-1
http://www.debian.org/security/
Moritz Muehlenhoff
May 8th, 2006
http://www.debian.org/security/faq

Package        : phpgroupware
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2781
Debian Bug     : 340094

It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.

For the old stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody6.

For the stable distribution (sarge) this problem has been fixed in version 0.9.16.005-3.sarge5.

For the unstable distribution (sid) this problem has been fixed in version 0.9.16.009-1.

We recommend that you upgrade your XXXXXXXXXXXXXX package.

Upgrade Instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Enhance phpgroupware to address vulnerabilities related to script execution stemming from inadequate input validation in Debian.
Debian Security Advisory, phpgroupware update, input validation risk.
Severity: Critical. LinuxSecurity.com Team

May 19, 2006 Critical Debian

Debian: DSA-898-1 Important: Remote Vulnerabilities in phpgroupware

Updated package.

Debian Security Advisory DSA 898-1
http://www.debian.org/security/
Martin Schulze
November 17th, 2005
http://www.debian.org/security/faq

Package        : phpgroupware
Vulnerability  : programming errors
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-0870 CVE-2005-3347 CVE-2005-3348
Debian Bug     : 301118

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-0870
    Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in DSA 724.

CVE-2005-3347
    Christopher Kunz discovered that local variables get overwritten unconditionally and are trusted later, which could lead to the inclusion of arbitrary files.

CVE-2005-3348
    Christopher Kunz discovered that user-supplied input is used unsanitised, causing an HTTP Response splitting problem.

For the old stable distribution (woody) these problems have been fixed in version 0.9.14-0.RC3.2.woody5.

For the stable distribution (sarge) these problems have been fixed in version 0.9.16.005-3.sarge4.

For the unstable distribution (sid) these problems have been fixed in version 0.9.16.008-2.

We recommend that you upgrade your phpgroupware packages.

Upgrade Instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Urgent patch for phpgroupware tackling remote scripting vulnerabilities; enhancement notes for Debian users included.
Debian Updates, phpgroupware Issues, Programming Errors.
Severity: Important. LinuxSecurity.com Team

Nov 17, 2005 Important Debian

Debian 3.1: DSA-798-1 Critical: Phpgroupware Remote XSS Threat

Updated package.

Debian Security Advisory DSA 798-1
http://www.debian.org/security/
Martin Schulze
September 2nd, 2005
http://www.debian.org/security/faq

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2498 CAN-2005-2600 CAN-2005-2761

Several vulnerabilities have been discovered in phpgroupware, a web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-2498
    Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements. The XMLRPC component has been disabled.

CAN-2005-2600
    Alexander Heidenreich discovered a cross-site scripting problem in the tree view of FUD Forum Bulletin Board Software, which is also present in phpgroupware.

CAN-2005-2761
    A global cross-site scripting fix has also been included that protects against potential malicious scripts embedded in CSS and xmlns in various parts of the application and modules.

This update also contains a postinst bugfix that has been approved for the next update to the stable release.

For the old stable distribution (woody) these problems don't apply.

For the stable distribution (sarge) these problems have been fixed in version 0.9.16.005-3.sarge2.

For the unstable distribution (sid) these problems have been fixed in version 0.9.16.008.

We recommend that you upgrade your phpgroupware packages.

Upgrade Instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Debian addresses multiple security flaws in phpgroupware; ensure you upgrade to the most recent version for improved protection.
phpgroupware update, security patch, Debian advisory.
Severity: Critical. LinuxSecurity.com Team

Sep 02, 2005 Critical Debian
87

Debian: DSA 747-1 Critical: Httpproxy Denial of Service Threat

------------------------------------------------------------------------
Debian Security Advisory DSA 746-1
http://www.debian.org/security/                             Michael Stone
July 13, 2005                          http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : remote command execution
Problem type   : input validation error
Debian-specific: no
CVE Id(s)      : CAN-2005-1921

A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware.

The security team is continuing to investigate the version of phpgroupware included with the old stable distribution (sarge). At this time we recommend disabling phpgroupware or upgrading to the current stable distribution (sarge).

For the current stable distribution (sarge) this problem has been fixed in version 0.9.16.005-3.sarge0.

For the unstable distribution (sid) this problem has been fixed in version 0.9.16.006-1.

We recommend that you upgrade your phpgroupware package.

Upgrade instructions
--------------------

wget url will fetch the file for you
dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database
apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian 3.1 (sarge)
------------------

sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

A crucial security announcement detailing a remote command execution flaw within phpgroupware has been issued, strongly recommending Debian users to apply necessary updates.
Debian Security, phpgroupware Fix, command injection, input validation, Debian update.
Severity: Critical.
LinuxSecurity.com Team

Jul 13, 2005 Critical Debian
91

Gentoo: GLSA 202310-15 Moderate: Drupal XSS Vulnerability Addressed

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200409-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: phpGroupWare: XSS vulnerability in wiki module
      Date: September 16, 2004
      Bugs: #63063
        ID: 200409-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The phpGroupWare software contains a cross site scripting vulnerability in the wiki module.

Background
==========

phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /   Vulnerable   /              Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpgroupware      < 0.9.16.003             >= 0.9.16.003

Description
===========

Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks.

Impact
======

This vulnerability gives an attacker the ability to inject and execute malicious script code, potentially compromising the victim's browser.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpGroupWare users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=www-apps/phpgroupware-0.9.16.003"
    # emerge ">=www-apps/phpgroupware-0.9.16.003"

References
==========

  [ 1 ] phpGroupWare ChangeLog
  [ 2 ] Secunia Advisory SA12466
        https://www.flexera.com/products/security/software-vulnerability-research/secunia-research

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200409-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address protected] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/1.0/

Security Alert GLSA 200409-23 addressing CSRF vulnerabilities in phpGroupWare's forums. Patch advised to reduce potential threats.
phpGroupWare, XSS Threat, Script Injection, Security Advisory.
LinuxSecurity.com Team

Sep 16, 2004 Gentoo
87

Debian: DSA 419-1 Critical: PHPGroupWare Remote Execution and SQL Injection

Improper remote execution and SQL code injection issues.

--------------------------------------------------------------------------
Debian Security Advisory DSA 419-1
Debian -- Security Information                             Martin Schulze
January 9th, 2003                           Debian -- Debian security FAQ
--------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : missing filename sanitising, SQL injection
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0016 CAN-2004-0017

The authors of phpgroupware, a web based groupware system written in PHP, discovered several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2004-0016

    In the "calendar" module, "save extension" was not enforced for holiday files. As a result, server-side php scripts may be placed in directories that then could be accessed remotely and cause the webserver to execute those. This was resolved by enforcing the extension ".txt" for holiday files.

CAN-2004-0017

    Some SQL injection problems (non-escaping of values used in SQL strings) in the "calendar" and "infolog" modules.

Additionally, the Debian maintainer adjusted the permissions on world writable directories that were accidentally created by former postinst during the installation.

For the stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody3.

For the unstable distribution (sid) this problem has been fixed in version 0.9.14.007-4.

We recommend that you upgrade your phpgroupware, phpgroupware-calendar and phpgroupware-infolog packages.

Upgrade Instructions
--------------------

wget url will fetch the file for you
dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database
apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

These files will probably be moved into the stable distribution on its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Addressing critical phpgroupware weaknesses within Debian: inadequate processes and possible SQL breaches require immediate intervention.
Debian Security, PHPGroupWare Issues, SQL Injection Fixes, Installation Guide.
Severity: Critical.
LinuxSecurity.com Team

Jan 09, 2004 Critical Debian