Debian: New egroupware packages fix remote command execution

A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware. Fixed packages are available from security.debian.org.

------------------------------------------------------------------------
Debian Security Advisory DSA 747-1                   security@debian.org
http://www.debian.org/security/                            Michael Stone
July 10, 2005                         http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : egroupware
Vulnerability  : remote command execution
Problem type   : input validation error
Debian-specific: no
CVE Id(s)      : CAN-2005-1921

A vulnerability has been identified in the xmlrpc library included in
the egroupware package. This vulnerability could lead to the execution
of arbitrary commands on the server running egroupware.

The old stable distribution (woody) did not include egroupware.

For the current stable distribution (sarge), this problem is fixed in
version 1.0.0.007-2.dfsg-2sarge1.

For the unstable distribution (sid), this problem is fixed in version
1.0.0.007-3.dfsg-1.

We recommend that you upgrade your egroupware package.

Upgrade instructions
--------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (sarge)
------------------

 sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

-------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/