===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1309
        php-horde-data security updates [DLA 2174-1 and DLA 2175-1]
                               15 April 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php-horde-data
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8865 CVE-2020-8518

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2020/04/msg00008.html
   https://lists.debian.org/debian-lts-announce/2020/04/msg00009.html

Comment: This bulletin contains two (2) Debian security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

[DLA 2174-1] php-horde-data security update

Package        : php-horde-data
Version        : 2.1.0-5+deb8u1
CVE ID         : CVE-2020-8518
Debian Bug     : 951537

A remote code execution vulnerability was discovered in the Horde
Application Framework. An authenticated remote attacker could use this
flaw to cause execution of uploaded CSV data.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.0-5+deb8u1.

We recommend that you upgrade your php-horde-data packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

------------------------------------------------------------------------------

[DLA 2175-1] php-horde-trean security update

Package        : php-horde-trean
Version        : 1.1.1-2+deb8u1
CVE ID         : CVE-2020-8865
Debian Bug     : 955019

A directory traversal vulnerability resulting from insufficient input
sanitization was discovered in the Horde Application Framework. An
authenticated remote attacker could use this flaw to execute code in the
context of the web server user.

For Debian 8 "Jessie", this problem has been fixed in version
1.1.1-2+deb8u1.

We recommend that you upgrade your php-horde-trean packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================