Puslapiai
(Perkelti į...)
Pradinis puslapis
Nuorodos
▼
[ MDVSA-2015:087 ] egroupware
Mandriva Linux Security Advisory MDVSA-2015:087 http://www.mandriva.com/en/ ______________________________ ______________________________
___________ Package : egroupware Date : March 28, 2015 Affected: Business Server 2.0 ______________________________ ______________________________ ___________ Problem Description: Updated egroupware packages fix security vulnerabilities: eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize() method (CVE-2014-2027). eGroupWare before 1.8.007 allows logged in users with administrative priviledges to remotely execute arbitrary commands on the server. It is also vulnerable to a cross site request forgery vulnerability that allows creating new administrative users.
______________________________ ______________________________ ___________ References: http://cve.mitre.org/cgi-bin/ http://advisories.mageia.org/ http://advisories.mageia.org/ ______________________________ ______________________________ ___________ Updated Packages: Mandriva Business Server 2/X86_64: cf4a9bb8ef30cf74a7e8104eaed1e5 ea mbs2/x86_64/egroupware-1.8. 007.20140506-1.mbs2.noarch.rpm 7d471a1f7934338d9c17c39aed046a 92 mbs2/x86_64/egroupware- bookmarks-1.8.007.20140506-1. mbs2.noarch.rpm bca49e4c9f90170d049e0f57373655 3f mbs2/x86_64/egroupware- calendar-1.8.007.20140506-1. mbs2.noarch.rpm 3195fb6185b0db015c68eeed25391f ea mbs2/x86_64/egroupware- developer_tools-1.8.007. 20140506-1.mbs2.noarch.rpm e9f33f46b78933cc7c7c054be6f1bc 18 mbs2/x86_64/egroupware-egw- pear-1.8.007.20140506-1.mbs2. noarch.rpm 8298f11458f4d6ab41a76842990c9b 88 mbs2/x86_64/egroupware- emailadmin-1.8.007.20140506-1. mbs2.noarch.rpm 8395d7c10874355e37d93af463a912 c0 mbs2/x86_64/egroupware- felamimail-1.8.007.20140506-1. mbs2.noarch.rpm 79b36d573ccaedd8ad098054d6ac66 2f mbs2/x86_64/egroupware- filemanager-1.8.007.20140506- 1.mbs2.noarch.rpm e931484776456c96ad3f7c2a989919 04 mbs2/x86_64/egroupware- gallery-1.8.007.20140506-1. mbs2.noarch.rpm 0e6028e764cfcbe9adc7e2d429e1bc fa mbs2/x86_64/egroupware- importexport-1.8.007.20140506- 1.mbs2.noarch.rpm 4026fb77115740ac83b194b4051fec 80 mbs2/x86_64/egroupware- infolog-1.8.007.20140506-1. mbs2.noarch.rpm 95d30157cd8d0cbf6c65442ad20e26 ae mbs2/x86_64/egroupware-manual- 1.8.007.20140506-1.mbs2. noarch.rpm f9f5395813df6b06711304342fcbbd 43 mbs2/x86_64/egroupware-news_ admin-1.8.007.20140506-1.mbs2. noarch.rpm 5e67c67c9fd0eb7308d6f268ac8506 ab mbs2/x86_64/egroupware- notifications-1.8.007. 20140506-1.mbs2.noarch.rpm 921e180cc7b2c6d2de58e2b5dc877a 2f mbs2/x86_64/egroupware- phpbrain-1.8.007.20140506-1. mbs2.noarch.rpm bf3d6323441283889833de12eda53b 1a mbs2/x86_64/egroupware- phpsysinfo-1.8.007.20140506-1. mbs2.noarch.rpm 675ea8d94c058a0c048b0784128f3b c1 mbs2/x86_64/egroupware-polls- 1.8.007.20140506-1.mbs2. noarch.rpm 4488bb434ff2cee958198a62cd7591 5d mbs2/x86_64/egroupware- projectmanager-1.8.007. 20140506-1.mbs2.noarch.rpm b1af84b4ee06f528c1bbb2026a1371 c5 mbs2/x86_64/egroupware- registration-1.8.007.20140506- 1.mbs2.noarch.rpm 5a4b0422fcf415cf7dbb67677aea4e 69 mbs2/x86_64/egroupware- sambaadmin-1.8.007.20140506-1. mbs2.noarch.rpm 8ad55477e0043a97b98c312f996e1b 89 mbs2/x86_64/egroupware- sitemgr-1.8.007.20140506-1. mbs2.noarch.rpm 0995e8539c804e5146da0e75d7a260 31 mbs2/x86_64/egroupware-syncml- 1.8.007.20140506-1.mbs2. noarch.rpm 6f4a523abe8818c71327896b1e2123 26 mbs2/x86_64/egroupware- timesheet-1.8.007.20140506-1. mbs2.noarch.rpm 6b309a26af38d62d817558e0658e34 26 mbs2/x86_64/egroupware- tracker-1.8.007.20140506-1. mbs2.noarch.rpm dbdfa7fa5e27ea271d6addd9b52acf a8 mbs2/x86_64/egroupware-wiki-1. 8.007.20140506-1.mbs2.noarch. rpm c8da1009e22f6018fd784fc18aa636 51 mbs2/SRPMS/egroupware-1.8.007. 20140506-1.mbs2.src.rpm ______________________________ ______________________________ ___________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/ If you want to report vulnerabilities, please contact security_(at)_ mandriva.com
Komentarų nėra:
Rašyti komentarą