GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Nov 14, 2007 11:26 pm Post subject: [ GLSA 200711-19 ] TikiWiki: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: TikiWiki: Multiple vulnerabilities (GLSA 200711-19)
Severity: high
Exploitable: remote
Date: November 14, 2007
Bug(s): #195503
ID: 200711-19
Synopsis
Multiple vulnerabilities have been discovered in TikiWiki, possibly
resulting in the remote execution of arbitrary code.
Background
TikiWiki is an open source content management system written in PHP.
Affected Packages
Package: www-apps/tikiwiki
Vulnerable: < 1.9.8.3
Unaffected: >= 1.9.8.3
Architectures: All supported architectures
Description
Stefan Esser reported that a previous vulnerability (CVE-2007-5423,
GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1
(CVE-2007-5682). The TikiWiki development team also added several
checks to avoid file inclusion.
Impact
A remote attacker could exploit these vulnerabilities to inject
arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All TikiWiki users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.8.3" |
References
GLSA 200710-21
CVE-2007-5423
CVE-2007-5682
Last edited by GLSA on Mon Jun 10, 2013 4:26 am; edited 3 times in total |
|
News & Announcements
