-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.1211
                       libphp-snoopy security update
                                4 May 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libphp-snoopy
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-5008  

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3248

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libphp-snoopy check for an updated version of the software 
         for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3248-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 02, 2015                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libphp-snoopy
CVE ID         : CVE-2014-5008

It was discovered that missing input sanitising in Snoopy, a PHP class that
simulates a web browser, may result in the execution of arbitrary
commands.

For the oldstable distribution (wheezy), this problem has been fixed
in version 2.0.0-1~deb7u1.

For the stable distribution (jessie), this problem was fixed before
the initial release.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.0-1.

We recommend that you upgrade your libphp-snoopy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----