pilla Bodhisattva
Joined: 07 Aug 2002 Posts: 7731 Location: Underworld
Posted: Sat Jun 28, 2003 9:24 pm Post subject: [gentoo-security] GLSA: phpbb (200306-15)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-15
- - - ---------------------------------------------------------------------
PACKAGE : phpbb
SUMMARY : sql injection
DATE : 2003-06-28 20:22 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <phpbb-2.0.5
FIXED VERSION : >=phpbb-2.0.5
CVE : CAN-2003-0486
- - - ---------------------------------------------------------------------
quote from cve:
"SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and
earlier allows remote attackers to steal password hashes via the
topic_id parameter."
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-www/phpbb upgrade to phpbb-2.0.5 as follows
emerge sync
emerge phpbb
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
robbat2@gentoo.org
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+/fjyfT7nyhUpoZMRAq+RAJ4r4fijIo8hJaEJq/p0DIgeRoAobQCeJBQr
to/2NXfPD4yTEGDjhd+B4EQ=
=Ybzs
-----END PGP SIGNATURE-----
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin
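A log check that follows from the advisory above, as an added example that is not part of the original post or the GLSA: it scans web server access-log lines for `viewtopic.php` requests whose `topic_id` value is not a plain integer, which is worth reviewing on any board that ran a vulnerable version. The log format (common/combined), the sample lines and the function name are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Parameter named in the advisory. Extend this tuple if your install
# passes the topic identifier under other names.
NUMERIC_PARAMS = ("topic_id",)

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jun/2003:20:01:11 +0000] "GET /forum/viewtopic.php?topic_id=42 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [28/Jun/2003:20:03:40 +0000] "GET /forum/viewtopic.php?topic_id=42%27 HTTP/1.0" 200 812',
    '192.0.2.77 - - [28/Jun/2003:20:03:52 +0000] "GET /forum/viewtopic.php?topic_id=7%20OR%201%3D1 HTTP/1.0" 200 9033',
    '192.0.2.10 - - [28/Jun/2003:20:04:02 +0000] "GET /forum/index.php?topic_id=x HTTP/1.0" 200 2048',
]


def suspicious_requests(log_lines, params=NUMERIC_PARAMS):
    """Return (line_no, param, decoded_value) for viewtopic.php requests
    where a parameter that should be an integer contains anything else."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        if not url.path.endswith("/viewtopic.php"):
            continue  # the advisory concerns viewtopic.php only
        # parse_qs percent-decodes values, so encoded quotes/spaces are seen.
        query = parse_qs(url.query, keep_blank_values=True)
        for name in params:
            for value in query.get(name, []):
                if not re.fullmatch(r"[0-9]+", value):
                    hits.append((line_no, name, value))
    return hits


if __name__ == "__main__":
    for line_no, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {name}={value!r}")
```

Only query-string values are visible in access logs, so parameters sent in a POST body are not covered by this check.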