You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa spip

Sigurnosni nedostaci programskog paketa spip

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4532-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
September 25, 2019 https://www.debian.org/security/faq
– ————————————————————————-

Package : spip
CVE ID : CVE-2019-16391 CVE-2019-16392 CVE-2019-16393 CVE-2019-16394

It was discovered that SPIP, a website engine for publishing, would
allow unauthenticated users to modify published content and write to
the database, perform cross-site request forgeries, and enumerate
registered users.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.1.4-4~deb9u3.

For the stable distribution (buster), these problems have been fixed in
version 3.2.4-1+deb10u1.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl2LCqsACgkQEL6Jg/PV
nWTUKQf8DMA9C964jmPsK9Jb/5LusPWG/K5x0qu45xG8SqU/yY79h2plqupZ55Ug
3wO6DxJp9V+aKTU4h2kc99DjPfYgpYE9ccLeqCTp7uI7oAndaGQvaOCo6oHo+jVu
q25b9vgNHsQ4g/F0YkHAexgEe1+5vHwJBr99Xfq7i5PQkOP47Y4vlw0UaK2cA59w
C/KJ2ej0Smw0Km/PjNftmW8G5pVJhNu7bkIxN0Gvo9XHUnwrGt6mmMuaV45bxB9e
JnW6p6jTJEaqzEOsXTRlvOfhwL7q0UatDdP8Y4nQ9EaQZENix8tlw8c09GDZcWxA
RiJ3/J+vhqJrCPWo3SEg3Ekirp7HBg==
=IpUM
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak pogramske biblioteke libgcrypt

Otkriven je sigurnosni nedostatak programske biblioteke libgcrypt za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija i...

Close