Articles / Debian: New phpgroupware pa…

Debian: New phpgroupware packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files. Multiple SQL injection vulnerabilities allows remote attackers to execute arbitrary SQL commands. Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2046-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
May 13, 2010                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2010-0403 CVE-2010-0404

Several remote vulnerabilities have been discovered in phpgroupware, a
Web based groupware system written in PHP. The Common Vulnerabilities 
and Exposures project identifies the following problems:


CVE-2010-0403

A local file inclusion vulnerability allows remote attackers to execute
arbitrary PHP code and include arbitrary local files.


CVE-2010-0404 

Multiple SQL injection vulnerabilities allows remote attackers to execute
arbitrary SQL commands.


For the stable distribution (lenny), these problems have been fixed in
version 1:0.9.16.012+dfsg-8+lenny2

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your phpgroupware package.

Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz
   Size/MD5 checksum: 19383160 bbfcfa12aca69b4032d7b4d38aeba85f
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2.dsc
   Size/MD5 checksum:     1662 1a1ff2d6badf454ba2b948ee1268e57b
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2.diff.gz
   Size/MD5 checksum:    74293 9ba66bc79bc0f5bb6454a3372bc2bfd8

Architecture independent packages:

 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    91562 51f6a2473368c6c21d19b8fd6349635f
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:  7985242 c19ed260050702c356c4d14db87e3f0d
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    20158 c09431d20a4d833841340ea79e03854d
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:   281402 2fc54aa2367098332f67b846b17d8c7a
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    48876 41cc095cbbc3bd97ae36754405df60b9
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:  1167580 4b63e0460fb590082a29391d26331b1e
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:  1529004 52216c8fa04c49ebf2d5d12aa6a8013a
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    22522 783f747d25f32fe4024db807a0727261
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:     4726 0a3140a4bdc80c8b421ef865c1f730d3
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:   130240 dc11591ae411a496bc5828d88eaed65d
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    50810 b632b74158236fea55b5014830c26369
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    60432 8355e743ea535fbb8b5afef5bcb196bb
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    93564 f44dbd8f6b2902d4980c4ec23d955d02
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    41194 9ed410fd27d8e0c7430a90fa2eaabb70
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:   270288 ffa447f1b07658090d9acdec93ef31a5
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:   188302 84057847fe79ad066a751a0b5f1abef7
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:   176400 0294b85b1e34e7879edbc4ee832dfa43
 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny2_all.deb
   Size/MD5 checksum:    33074 95aff5b1efc3ba4eeb3a5756549ae070


 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvsXb4ACgkQNxpp46476aqmZwCdE30iWpz68U69pUn3EsQ6oOhE
EsAAnjzI02r5Tl3d+13krPrNLMyHu6MN
=YfID
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.