Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  [USN-2558-1] Mailman vulnerability

  WSO2 Identity Server multiple vulnerabilities

  Manage Engine Desktop Central 9 - CVE-2015-2560 - Unauthorised administrative password reset

  [ MDVSA-2015:097 ] php-ZendFramework

From:MANDRIVA
Date:12 мая 2015 г.
Subject:[ MDVSA-2015:087 ] egroupware



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2015:087
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : egroupware
Date    : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated egroupware packages fix security vulnerabilities:

eGroupware prior to 1.8.006.20140217 is vulnerable to remote file
deletion and possible remote code execution due to user input being
passed to PHP's unserialize() method (CVE-2014-2027).

eGroupWare before 1.8.007 allows logged in users with administrative
priviledges to remotely execute arbitrary commands on the server.
It is also vulnerable to a cross site request forgery vulnerability
that allows creating new administrative users.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2027
http://advisories.mageia.org/MGASA-2014-0116.html
http://advisories.mageia.org/MGASA-2014-0221.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
cf4a9bb8ef30cf74a7e8104eaed1e5ea  mbs2/x86_64/egroupware-1.8.007.20140506-1.mbs2.noarch.rpm
7d471a1f7934338d9c17c39aed046a92  mbs2/x86_64/egroupware-bookmarks-1.8.007.20140506-1.mbs2.noarch.rpm
bca49e4c9f90170d049e0f573736553f  mbs2/x86_64/egroupware-calendar-1.8.007.20140506-1.mbs2.noarch.rpm
3195fb6185b0db015c68eeed25391fea  mbs2/x86_64/egroupware-developer_tools-1.8.007.20140506-1.mbs2.noarch.rpm
e9f33f46b78933cc7c7c054be6f1bc18  mbs2/x86_64/egroupware-egw-pear-1.8.007.20140506-1.mbs2.noarch.rpm
8298f11458f4d6ab41a76842990c9b88  mbs2/x86_64/egroupware-emailadmin-1.8.007.20140506-1.mbs2.noarch.rpm
8395d7c10874355e37d93af463a912c0  mbs2/x86_64/egroupware-felamimail-1.8.007.20140506-1.mbs2.noarch.rpm
79b36d573ccaedd8ad098054d6ac662f  mbs2/x86_64/egroupware-filemanager-1.8.007.20140506-1.mbs2.noarch.rpm
e931484776456c96ad3f7c2a98991904  mbs2/x86_64/egroupware-gallery-1.8.007.20140506-1.mbs2.noarch.rpm
0e6028e764cfcbe9adc7e2d429e1bcfa  mbs2/x86_64/egroupware-importexport-1.8.007.20140506-1.mbs2.noarch.rpm
4026fb77115740ac83b194b4051fec80  mbs2/x86_64/egroupware-infolog-1.8.007.20140506-1.mbs2.noarch.rpm
95d30157cd8d0cbf6c65442ad20e26ae  mbs2/x86_64/egroupware-manual-1.8.007.20140506-1.mbs2.noarch.rpm
f9f5395813df6b06711304342fcbbd43  mbs2/x86_64/egroupware-news_admin-1.8.007.20140506-1.mbs2.noarch.rpm
5e67c67c9fd0eb7308d6f268ac8506ab  mbs2/x86_64/egroupware-notifications-1.8.007.20140506-1.mbs2.noarch.rpm
921e180cc7b2c6d2de58e2b5dc877a2f  mbs2/x86_64/egroupware-phpbrain-1.8.007.20140506-1.mbs2.noarch.rpm
bf3d6323441283889833de12eda53b1a  mbs2/x86_64/egroupware-phpsysinfo-1.8.007.20140506-1.mbs2.noarch.rpm
675ea8d94c058a0c048b0784128f3bc1  mbs2/x86_64/egroupware-polls-1.8.007.20140506-1.mbs2.noarch.rpm
4488bb434ff2cee958198a62cd75915d  mbs2/x86_64/egroupware-projectmanager-1.8.007.20140506-1.mbs2.noarch.rpm
b1af84b4ee06f528c1bbb2026a1371c5  mbs2/x86_64/egroupware-registration-1.8.007.20140506-1.mbs2.noarch.rpm
5a4b0422fcf415cf7dbb67677aea4e69  mbs2/x86_64/egroupware-sambaadmin-1.8.007.20140506-1.mbs2.noarch.rpm
8ad55477e0043a97b98c312f996e1b89  mbs2/x86_64/egroupware-sitemgr-1.8.007.20140506-1.mbs2.noarch.rpm
0995e8539c804e5146da0e75d7a26031  mbs2/x86_64/egroupware-syncml-1.8.007.20140506-1.mbs2.noarch.rpm
6f4a523abe8818c71327896b1e212326  mbs2/x86_64/egroupware-timesheet-1.8.007.20140506-1.mbs2.noarch.rpm
6b309a26af38d62d817558e0658e3426  mbs2/x86_64/egroupware-tracker-1.8.007.20140506-1.mbs2.noarch.rpm
dbdfa7fa5e27ea271d6addd9b52acfa8  mbs2/x86_64/egroupware-wiki-1.8.007.20140506-1.mbs2.noarch.rpm
c8da1009e22f6018fd784fc18aa63651  mbs2/SRPMS/egroupware-1.8.007.20140506-1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.  You can obtain the
GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFmNDmqjQ0CJFipgRAtHlAKCtdE8cImMGN1YVYOmTaAd42jXNrQCgjOhw
XKQ6enfHyzG4jrDO2ndwLyg=
=0Ip3
-----END PGP SIGNATURE-----

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород