[PLDSA 22-1] New phpBB packages fix insecure private messages
Krzysiek Taraszka
dzimi at pld.org.pl
Thu Jan 30 14:12:35 CET 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 22-1                       security at pld.org.pl
http://www.pld.org.pl/security/                            PLD Security Team
29 January 2003                           http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to phpBB-2.0.3-5
Vulnerability : insecure private messages
Problem-Type : remote
PLD-specific : no

phpBB users can send private messages to each other. The program has
a security hole that makes it possible for a user to delete the text
of all private messages stored in the system.

The above problem has been fixed in version 2.0.4-1 for the
current stable distribution (ra).

We recommend that you upgrade your phpBB packages.

    wget -c url
will fetch the file for you.

    rpm -Uhv file(s)*.rpm
will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages:

    poldek --update
will update the internal database.

    poldek --upgrade 'phpBB*'
will install the corrected packages.

If you are using the "apt" package manager, use the lines given below
to upgrade the packages:

    apt-get update
will update the internal database.

    apt-get upgrade 'phpBB*'
will install the corrected packages.

PLD Linux 1.0 alias ra
--------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/phpBB-2.0.4-1.src.rpm
MD5 checksum: d3adaa3e8467864935a2003380e924e0
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/phpBB-2.0.4-1.noarch.rpm
MD5 checksum: 26a1604f8859f67f7e8e8da6d5cc703f
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/phpBB-install-2.0.4-1.noarch.rpm
MD5 checksum: ab5c29d682fec4afd566a07efe38752d
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/phpBB-2.0.4-1.noarch.rpm
MD5 checksum: 82233c8d0d545c855aa1e1b74cd79d6f
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/phpBB-install-2.0.4-1.noarch.rpm
MD5 checksum: 74f2442baeb8fc62c512278854320ac7
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/phpBB-2.0.4-1.noarch.rpm
MD5 checksum: c5693a83ae11361c808eec26e4eb99bb
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/phpBB-install-2.0.4-1.noarch.rpm
MD5 checksum: 0b6c350c8d29780a00e51b6ce06cf825
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/phpBB-2.0.4-1.noarch.rpm
MD5 checksum: ed62d34a172a98701fe4155e71c77d53
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/phpBB-install-2.0.4-1.noarch.rpm
MD5 checksum: a7ddb61bf037bc1131d81954a72f33a8
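
A check to run between the download and the rpm -Uhv step, as an added example that is not part of the original advisory: it reads the URL / "MD5 checksum:" pairs in the format used above and compares them with the downloaded files. The function names and the demo's example.invalid URLs and file contents are constructed; entries are selected by architecture directory because the same noarch file name is listed with a different checksum in each tree, and md5sum and awk are assumed to be installed.

```shell
# Added example (not from the advisory): verify downloads against its MD5 lines.
# pldsa_sums ADVISORY ARCH -> prints "<md5> <file name>" per package under /ARCH/
pldsa_sums() {
    awk -v arch="$2" '
        $1 ~ /^ftp:\/\// { url = $1; next }    # remember the package URL
        /MD5 checksum:/ && url != "" {         # checksum belongs to that URL
            if (index(url, "/" arch "/")) {
                n = split(url, p, "/")
                print tolower($NF), p[n]
            }
            url = ""
        }' "$1"
}

# verify_pldsa ADVISORY ARCH DIR -> 0 if every listed file in DIR matches,
# 1 on a missing file or mismatch, 2 if the advisory lists nothing for ARCH.
verify_pldsa() {
    adv=$1; arch=$2; dir=$3; rc=0
    list=$(pldsa_sums "$adv" "$arch")
    [ -n "$list" ] || { echo "no packages listed for $arch" >&2; return 2; }
    while read -r want name; do
        [ -f "$dir/$name" ] || { echo "MISSING  $name" >&2; rc=1; continue; }
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK       $name"
        else echo "MISMATCH $name (got $got)" >&2; rc=1; fi
    done <<EOF
$list
EOF
    return $rc
}

# Constructed demo: one file name listed under two trees with different sums;
# only the i386 entry matches the file on disk.
pldsa_demo() {
    t=$(mktemp -d)
    printf 'constructed package body\n' > "$t/phpBB-0-0.noarch.rpm"
    sum=$(md5sum "$t/phpBB-0-0.noarch.rpm" | cut -d' ' -f1)
    printf '%s\nMD5 checksum: %s\n' \
        "ftp://example.invalid/security/i386/phpBB-0-0.noarch.rpm" "$sum" \
        "ftp://example.invalid/security/ppc/phpBB-0-0.noarch.rpm" \
        "00000000000000000000000000000000" > "$t/advisory.txt"
    verify_pldsa "$t/advisory.txt" i386 "$t" >/dev/null 2>&1 && r1=0 || r1=$?
    verify_pldsa "$t/advisory.txt" ppc "$t" >/dev/null 2>&1 && r2=0 || r2=$?
    rm -rf "$t"
    echo "$r1 $r2"    # expected: 0 1
}
```

A match only shows that the file is the one the advisory lists, so the result is as trustworthy as the copy of the advisory it is checked against.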
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security