Pular "Quicknav"

• Sobre o Debian
• Notícias
• Obtendo o Debian
• Suporte
• Canto dos Desenvolvedores
• Mapa do site
• Busca

Alerta de Segurança Debian

DSA-365-1 phpgroupware -- várias vulnerabilidades

Data do Alerta:

05 Ago 2003

Pacotes Afetados:

phpgroupware

Vulnerável:

Sim

Referência à base de dados de segurança:

Na base de dados do BugTraq (na SecurityFocus): ID BugTraq 8088.
No dicionário CVE do Mitre: CVE-2003-0504, CVE-2003-0599, CVE-2003-0657.

Informações adicionais:

Várias vulnerabilidades foram descobertas no phpgroupware:

• CAN-2003-0504: Várias vulnerabilidades cross-site scripting (XSS) no Phpgroupware 0.9.14.003 (também conhecido como webdistro) permitem que atacantes remotos insiram código HTML arbitrário ou web script, como demonstrado com uma solicitação para o index.php no módulo addressbook.
• CAN-2003-0599: Uma vulnerabilidade desconhecida no Sistema de Arquivos Virtual - "Virtual File System" - (VFS) do phpGroupWare 0.9.16preRC e versões anteriores a 0.9.14.004, com implicações desconhecidas, relacionadas ao path do VFS estar sob a raiz do diretório web.
• CAN-2003-0657: Múltiplas vulnerabilidades de injeção de código SQL no módulo infolog do phpgroupware pode permitir que atacantes remotos executem expressões SQL arbitrárias.

Na atual distribuição estável (woody) estes problemas foram corrigidos na versão 0.9.14-0.RC3.2.woody2.

Na distribuição instável (sid), estes problemas serão corrigidos em breve. Veja o bug Debian #201980.

Nós recomendamos que você atualize seus pacotes phpgroupware.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2.dsc

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2.diff.gz

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14.orig.tar.gz

Componente independente de arquitetura:

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api-doc_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookkeeping_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-brewer_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chora_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core-doc_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-inv_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-napster_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpwebhosting_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wap_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-weather_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.14-0.RC3.2.woody2_all.deb

http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2_all.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.

Esta página também está disponível nos seguintes idiomas:

dansk Deutsch English español français Русский (Russkij) svenska

Como configurar o idioma padrão dos documentos