Advertisement
Home arrow ITsec Advisories arrow DSA-1528-1 serendipity -- insufficient input sanitising
Saturday, 06 September 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  10244  66.24%
Win 2003  3645  23.57%
Win 2000  1034  6.69%
FreeBSD  352  2.28%
SolarisSunOS  106  0.69%
Other  85  0.55%

Total attacks: 15466 of which 4898 single ip and 10568 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
DSA-1528-1 serendipity -- insufficient input sanitising PDF Print E-mail
User Rating: / 2
PoorBest 
Written by Marcelo Almeida (Vympel)   
Tuesday, 25 March 2008
Date Reported: 24 Mar 2008
Affected Packages:serendipity
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 469667. In the Bugtraq database (at SecurityFocus): BugTraq ID 28298. In Mitre's CVE dictionary: CVE-2007-6205, CVE-2008-0124.
More information: Peter Hüwe and Hanno Böck discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts which allowed for cross site scripting.
For the stable distribution (etch), this problem has been fixed in version 1.0.4-1+etch1.
The old stable distribution (sarge) does not contain a serendipity package.
For the unstable distribution (sid), this problem has been fixed in version 1.3-1.
We recommend that you upgrade your serendipity package...
Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4.orig.tar.gz
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4-1+etch1.diff.gz
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4-1+etch1.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4-1+etch1_all.deb

MD5 checksums of the listed files are available in the original advisory.


Comments Index (Total Messages: 0)


Post Reply
Name:Guest
Title:
Comment:



Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
 
Top!
© 2008 Zone-H.org
Joomla! is Free Software released under the GNU/GPL License.
 Top!