exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1459-1

Debian Linux Security Advisory 1459-1
Posted Jan 14, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1459-1 - It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.

tags | advisory, cgi, sql injection
systems | linux, debian
advisories | CVE-2008-0173
SHA-256 | 46c3e291053b62c8aa599099c781e01b50fc301f5004cbe793852f1d8f556e1d

Debian Linux Security Advisory 1459-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1459-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
January 13, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : gforge
Vulnerability : insufficient input validation
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-0173

It was discovered that Gforge, a collaborative development tool, did not
properly sanitise some CGI parameters, allowing SQL injection in scripts
related to RSS exports.

For the stable distribution (etch), this problem has been fixed in
version 4.5.14-22etch4.

For the old stable distribution (sarge), this problem has been fixed in
version 3.1-31sarge5.

For the unstable distribution (sid), this problem has been fixed in
version 4.6.99+svn6330-1.

We recommend that you upgrade your gforge packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5.diff.gz
Size/MD5 checksum: 298148 fd78915a83bd2c0ebf907adb10369846
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz
Size/MD5 checksum: 1409879 c723b3a9efc016fd5449c4765d5de29c
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5.dsc
Size/MD5 checksum: 868 336e19234bd80dd1856259700146978a

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge5_all.deb
Size/MD5 checksum: 1108124 36e222e23527c67affc8d103bc483351
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge5_all.deb
Size/MD5 checksum: 58324 639ec6b4b363a4526d6d459858b230ce
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge5_all.deb
Size/MD5 checksum: 59936 1201c29fe43d659ba1fa1ec8d1c97dcb
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge5_all.deb
Size/MD5 checksum: 148510 c4eeb3e6b1fb6d1d5d8b7a5dcbdc2b5a
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge5_all.deb
Size/MD5 checksum: 93948 8b3b2651d9c87db5001a3207174f0620
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge5_all.deb
Size/MD5 checksum: 72540 3c46ebf2c9c7790913b4138fda70abf7
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5_all.deb
Size/MD5 checksum: 56466 2b16eefa372e82788db9d8628f689763
http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge5_all.deb
Size/MD5 checksum: 99274 63cd91f21d6c1c8070cab36e8c116b57
http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge5_all.deb
Size/MD5 checksum: 59412 6ad709e90b0071acf6b002824c99a996
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge5_all.deb
Size/MD5 checksum: 64758 552a93aa07b144e643dfbcc97cb84064
http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge5_all.deb
Size/MD5 checksum: 55908 bfc08b5a188699a7b524ca8849d123db
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge5_all.deb
Size/MD5 checksum: 70838 f699bb5444a9b7bb8e096c44e3cd0650
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge5_all.deb
Size/MD5 checksum: 64858 efd816ced0348fa8b56f4c3e5256a840
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge5_all.deb
Size/MD5 checksum: 65220 b9e32d3ccfa6a1de77393da4563e5fb2
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge5_all.deb
Size/MD5 checksum: 61078 3374d78c0cef648a6aad1725a1e6cb1a

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
Size/MD5 checksum: 2161141 e85f82eff84ee073f80a2a52dd32c8a5
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4.diff.gz
Size/MD5 checksum: 197311 a00eedb23b776476b9a42618487d89b1
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4.dsc
Size/MD5 checksum: 950 b36ce450f342c604fd12549450fff6ae

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch4_all.deb
Size/MD5 checksum: 103548 beacacca088438618b23477f568f08e0
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch4_all.deb
Size/MD5 checksum: 95388 aa8716e4240606526fc633ba8c02b74a
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch4_all.deb
Size/MD5 checksum: 75870 81c7219391d9fac23d6df62be3ab8bf5
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch4_all.deb
Size/MD5 checksum: 212334 4cc28fdcf336a60bba2a89072683a5f9
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch4_all.deb
Size/MD5 checksum: 86934 ea3e49b38459636b14ba4346bc045cf0
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4_all.deb
Size/MD5 checksum: 80056 fb3df49a34571c38a43e625e73f1a124
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch4_all.deb
Size/MD5 checksum: 85838 4f38f483e13b4c9b5fcbbd379ff841f4
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch4_all.deb
Size/MD5 checksum: 88404 ba2c15b2bdd2f67a8abd3dd0bf9a326e
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch4_all.deb
Size/MD5 checksum: 88914 0e657fdc22f4e1f14a63e3c583bc2dcb
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch4_all.deb
Size/MD5 checksum: 704634 162e04520f993c85af6aac6565b01e90
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch4_all.deb
Size/MD5 checksum: 86126 71dce38865bdf01366a992336ae403d3
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch4_all.deb
Size/MD5 checksum: 81878 986a88180ea39ec6969f6b3f72006818
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch4_all.deb
Size/MD5 checksum: 1010552 cfafa0c6c1b5ba02a0d665cbe76b11cb
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch4_all.deb
Size/MD5 checksum: 88306 4290daefda537d4f1f2127ee9eaabe49


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHiijqXm3vHE4uyloRAjKZAKCXt2rPwf03uigZOAuLcx5+bRGqKQCgyQxM
yiG7MraFcV2HsY9NSAyR+mY=
=EM2r
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close