Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:265 ] egroupware

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1255114472-13155-2526

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:265

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : egroupware

Date : August 9, 2009

Affected: Corporate 3.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability has been found and corrected in egroupware:

 

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php

in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5,

and other products, allows remote attackers to bypass HTML filtering

and conduct cross-site scripting (XSS) attacks via a string containing

crafted URL protocols (CVE-2008-1502).

 

This update fixes this vulnerability.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502

_______________________________________________________________________

 

Updated Packages:

 

Corporate 3.0:

457cecc72afa918120321a8966612252 corporate/3.0/i586/egroupware-1.0-0.RC3.1.2.C30mdk.noarch.rpm

0581c150f34223ffca619cb51a9b3ef8 corporate/3.0/i586/egroupware-addressbook-1.0-0.RC3.1.2.C30mdk.noarch.rpm

08f5a493d2f53eff97a2ed67591704ca corporate/3.0/i586/egroupware-backup-1.0-0.RC3.1.2.C30mdk.noarch.rpm

85683fa17c424fb5a55197f03f03ad25 corporate/3.0/i586/egroupware-bookmarks-1.0-0.RC3.1.2.C30mdk.noarch.rpm

e2ed0858b7692e20238c47408ac4cd0f corporate/3.0/i586/egroupware-calendar-1.0-0.RC3.1.2.C30mdk.noarch.rpm

6324ffa9329f3b90aaa075c33ba95e61 corporate/3.0/i586/egroupware-comic-1.0-0.RC3.1.2.C30mdk.noarch.rpm

247cbc3ad35a1d4a69a6b46910441a59 corporate/3.0/i586/egroupware-developer_tools-1.0-0.RC3.1.2.C30mdk.noarch.rpm

6f8eed40950dd65ca34b0a998ab14388 corporate/3.0/i586/egroupware-email-1.0-0.RC3.1.2.C30mdk.noarch.rpm

d3f57d5a42c13a1b6cdc5494143b1958 corporate/3.0/i586/egroupware-emailadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm

4b7f9febbb027a18f16644f9635d7639 corporate/3.0/i586/egroupware-etemplate-1.0-0.RC3.1.2.C30mdk.noarch.rpm

4c087d8bd698af8bcddf6ec5d5b9cbf7 corporate/3.0/i586/egroupware-felamimail-1.0-0.RC3.1.2.C30mdk.noarch.rpm

9f84311b59999ee63c22a7794b8dab6e corporate/3.0/i586/egroupware-filemanager-1.0-0.RC3.1.2.C30mdk.noarch.rpm

b74266537b1565e258fa4484917d2a82 corporate/3.0/i586/egroupware-forum-1.0-0.RC3.1.2.C30mdk.noarch.rpm

775bb85355c1f19829637f3700c65b66 corporate/3.0/i586/egroupware-ftp-1.0-0.RC3.1.2.C30mdk.noarch.rpm

a6f713c7982319808a0c6c2204988947 corporate/3.0/i586/egroupware-fudforum-1.0-0.RC3.1.2.C30mdk.noarch.rpm

b587eb709eb5d12aa71c054bbeb3cd9d corporate/3.0/i586/egroupware-headlines-1.0-0.RC3.1.2.C30mdk.noarch.rpm

4507af2a59419333564d75579fc2f4fc corporate/3.0/i586/egroupware-infolog-1.0-0.RC3.1.2.C30mdk.noarch.rpm

960d63bb470afc2f8f7b866d1191cfea corporate/3.0/i586/egroupware-jinn-1.0-0.RC3.1.2.C30mdk.noarch.rpm

6457a2d31a8c65e0f88e73b55e95cf6d corporate/3.0/i586/egroupware-messenger-1.0-0.RC3.1.2.C30mdk.noarch.rpm

5959c5074191b873a402e1ac15419a82 corporate/3.0/i586/egroupware-news_admin-1.0-0.RC3.1.2.C30mdk.noarch.rpm

aadbc64a9d9e3b6f86b0e3b41fc9da05 corporate/3.0/i586/egroupware-phpbrain-1.0-0.RC3.1.2.C30mdk.noarch.rpm

3f275d83b180588ad727de61833487d1 corporate/3.0/i586/egroupware-phpldapadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm

cbef9b0eca2cb8df009353040410849d corporate/3.0/i586/egroupware-phpsysinfo-1.0-0.RC3.1.2.C30mdk.noarch.rpm

a9061f5c1f25c66b77f8043c03620da3 corporate/3.0/i586/egroupware-polls-1.0-0.RC3.1.2.C30mdk.noarch.rpm

74f044f22be1d7520e97b652360aa1b1 corporate/3.0/i586/egroupware-projects-1.0-0.RC3.1.2.C30mdk.noarch.rpm

800ff5ee14285e839c62ec6dec76fc3c corporate/3.0/i586/egroupware-registration-1.0-0.RC3.1.2.C30mdk.noarch.rpm

1f379d0b2271ac427313d86376f30cad corporate/3.0/i586/egroupware-sitemgr-1.0-0.RC3.1.2.C30mdk.noarch.rpm

15175bdf831db5c417638eadcb96e4f1 corporate/3.0/i586/egroupware-skel-1.0-0.RC3.1.2.C30mdk.noarch.rpm

06b659a78f167ea7f6692c322ebb82f1 corporate/3.0/i586/egroupware-stocks-1.0-0.RC3.1.2.C30mdk.noarch.rpm

45611686d1b08f132114896141b3d784 corporate/3.0/i586/egroupware-tts-1.0-0.RC3.1.2.C30mdk.noarch.rpm

ac829be87dfb4a749e7fa3b922ab6b92 corporate/3.0/i586/egroupware-wiki-1.0-0.RC3.1.2.C30mdk.noarch.rpm

be589dc7a30d06b98bb1289b7cee3403 corporate/3.0/SRPMS/egroupware-1.0-0.RC3.1.2.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

b30fe0bd3e13fdf0386a81aa8b81617d corporate/3.0/x86_64/egroupware-1.0-0.RC3.1.2.C30mdk.noarch.rpm

3a3bfbe5d9bd6a1b1d2a0ce8118b53c9 corporate/3.0/x86_64/egroupware-addressbook-1.0-0.RC3.1.2.C30mdk.noarch.rpm

6353c98b4a4c46216450c6498a214549 corporate/3.0/x86_64/egroupware-backup-1.0-0.RC3.1.2.C30mdk.noarch.rpm

36f06dfc8b91aed12694802965f3b7d5 corporate/3.0/x86_64/egroupware-bookmarks-1.0-0.RC3.1.2.C30mdk.noarch.rpm

9051a4cdc2c47e81dedcd4056eecc492 corporate/3.0/x86_64/egroupware-calendar-1.0-0.RC3.1.2.C30mdk.noarch.rpm

131d9ad04d823549de81b41ff4c75f56 corporate/3.0/x86_64/egroupware-comic-1.0-0.RC3.1.2.C30mdk.noarch.rpm

c8a6afa0a901bd7824fca20fe58551ff corporate/3.0/x86_64/egroupware-developer_tools-1.0-0.RC3.1.2.C30mdk.noarch.rpm

55a1f6d1923622da3a6612df1194229e corporate/3.0/x86_64/egroupware-email-1.0-0.RC3.1.2.C30mdk.noarch.rpm

607efd47c3f2e5508213de801b53f391 corporate/3.0/x86_64/egroupware-emailadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm

d272ee42a96610be9fa72fde8776e21b corporate/3.0/x86_64/egroupware-etemplate-1.0-0.RC3.1.2.C30mdk.noarch.rpm

21c040a81e2dd0c9cc2e36843733e94e corporate/3.0/x86_64/egroupware-felamimail-1.0-0.RC3.1.2.C30mdk.noarch.rpm

2e41be9121952a53e0544ac5b23e8c59 corporate/3.0/x86_64/egroupware-filemanager-1.0-0.RC3.1.2.C30mdk.noarch.rpm

9a3f46cd1b0dc84e91c216d3e2071a4d corporate/3.0/x86_64/egroupware-forum-1.0-0.RC3.1.2.C30mdk.noarch.rpm

4b6bd72f0be235f3393f0c2e1e8790e6 corporate/3.0/x86_64/egroupware-ftp-1.0-0.RC3.1.2.C30mdk.noarch.rpm

be11a023d3f373461108272d209a0b3f corporate/3.0/x86_64/egroupware-fudforum-1.0-0.RC3.1.2.C30mdk.noarch.rpm

b019690736397b725705eef1d6eba642 corporate/3.0/x86_64/egroupware-headlines-1.0-0.RC3.1.2.C30mdk.noarch.rpm

57cf67c08141dd7cf7c675b798b4d80e corporate/3.0/x86_64/egroupware-infolog-1.0-0.RC3.1.2.C30mdk.noarch.rpm

cd1278df8d05e8cf781a0c0d11ea0e5a corporate/3.0/x86_64/egroupware-jinn-1.0-0.RC3.1.2.C30mdk.noarch.rpm

920f2fb5eda49d91573ef6d7f82c7d5d corporate/3.0/x86_64/egroupware-messenger-1.0-0.RC3.1.2.C30mdk.noarch.rpm

8b5769f47bf947ddeb701437a0eaf51f corporate/3.0/x86_64/egroupware-news_admin-1.0-0.RC3.1.2.C30mdk.noarch.rpm

7789c81159e504118cef48f2626b6aa3 corporate/3.0/x86_64/egroupware-phpbrain-1.0-0.RC3.1.2.C30mdk.noarch.rpm

3d3289b103d7867fb7d327d6723502e6 corporate/3.0/x86_64/egroupware-phpldapadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm

78bb39299236072dbc9feb0d52dcfa19 corporate/3.0/x86_64/egroupware-phpsysinfo-1.0-0.RC3.1.2.C30mdk.noarch.rpm

90d5b9cf520118d0faedfd40b897b120 corporate/3.0/x86_64/egroupware-polls-1.0-0.RC3.1.2.C30mdk.noarch.rpm

a5aeff0e59c2bbd9c30e1ed111ab2938 corporate/3.0/x86_64/egroupware-projects-1.0-0.RC3.1.2.C30mdk.noarch.rpm

7c1d1c2070094b5ded1f8f384039c96c corporate/3.0/x86_64/egroupware-registration-1.0-0.RC3.1.2.C30mdk.noarch.rpm

d586dba8a8def827884913480020c356 corporate/3.0/x86_64/egroupware-sitemgr-1.0-0.RC3.1.2.C30mdk.noarch.rpm

10181ff6e3fce90704067254d94b657f corporate/3.0/x86_64/egroupware-skel-1.0-0.RC3.1.2.C30mdk.noarch.rpm

22cf8d7faca70d766227ba42dcb776e7 corporate/3.0/x86_64/egroupware-stocks-1.0-0.RC3.1.2.C30mdk.noarch.rpm

c0635ca0d4ae5d0efe80c8b5ed344bf7 corporate/3.0/x86_64/egroupware-tts-1.0-0.RC3.1.2.C30mdk.noarch.rpm

fb83084b226436fd61008220b27a3925 corporate/3.0/x86_64/egroupware-wiki-1.0-0.RC3.1.2.C30mdk.noarch.rpm

be589dc7a30d06b98bb1289b7cee3403 corporate/3.0/SRPMS/egroupware-1.0-0.RC3.1.2.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFKz1uSmqjQ0CJFipgRAiYmAKC4KTn3R6avNsPBJuaRDX0ylanzZgCfTj3T

QbUH3ZZZKjAexAn6ZyARZFI=

=L3hy

-----END PGP SIGNATURE-----

 

 

------------=_1255114472-13155-2526

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1255114472-13155-2526--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×