Package "gosa-plugin-openxchange"
| Name: |
gosa-plugin-openxchange
|
Description: |
openxchange plugin for GOsa²
|
| Latest version: |
2.7.4+reloaded2-9ubuntu1.1 |
| Release: |
xenial (16.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
gosa |
| Homepage: |
https://oss.gonicus.de/labs/gosa/ |
Links
Download "gosa-plugin-openxchange"
Other versions of "gosa-plugin-openxchange" in Xenial
Changelog
|
gosa (2.7.4+reloaded2-9ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Server-Side Reflected XSS vulnerability
- debian/patches/0013_escape-html-entities-for-uid-to-avoid-code-execution-
CVE-2018-1000528.patch: Sanitize the uid POST parameter in
html/password.php.
- CVE-2018-1000528
* SECURITY UPDATE: Incorrect Access Control
- debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch: Use a
stricter error check in ldap::success()
of include/class_ldap.inc.
- CVE-2019-11187
* SECURITY UPDATE: PHP objection injection vulnerability
- debian/patches/1047_CVE-2019-14466-{1,2}_replace_unserialize_with_json_
encode+json_decode.patch: Replace serialize/unserialize with
json_encode/json_decode and preform type-checking on return value.
- CVE-2019-14466
-- Avital Ostromich <email address hidden> Wed, 14 Oct 2020 20:46:40 -0400
|
| CVE-2018-1000528 |
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password fo |
| CVE-2019-11187 |
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing t |
| CVE-2019-14466 |
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to per |
|
About
-
Send Feedback to @ubuntu_updates
