===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.1211
                       libphp-snoopy security update
                                 4 May 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libphp-snoopy
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-5008

Original Bulletin:
   http://www.debian.org/security/2015/dsa-3248

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libphp-snoopy check for an updated version of the software
         for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3248-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 02, 2015                           http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libphp-snoopy
CVE ID         : CVE-2014-5008

It was discovered that missing input sanitising in Snoopy, a PHP class that
simulates a web browser, may result in the execution of arbitrary commands.

For the oldstable distribution (wheezy), this problem has been fixed
in version 2.0.0-1~deb7u1.

For the stable distribution (jessie), this problem was fixed before
the initial release.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.0-1.

We recommend that you upgrade your libphp-snoopy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================