Gentoo alert 200306-15 (phpbb) [LWN.net]


From:
    	       Daniel Ahlberg <aliz@gentoo.org>
To:
    	       gentoo-announce@gentoo.org
Subject:
    	       GLSA:  phpbb (200306-15)
Date:
    	       Sat, 28 Jun 2003 22:22:10 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-15
- - - ---------------------------------------------------------------------

          PACKAGE : phpbb
          SUMMARY : sql injection
             DATE : 2003-06-28 20:22 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <phpbb-2.0.5
    FIXED VERSION : >=phpbb-2.0.5
              CVE : CAN-2003-0486

- - - ---------------------------------------------------------------------

quote from cve:
"SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and 
earlier allows remote attackers to steal password hashes via the 
topic_id parameter."

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/phpbb upgrade to phpbb-2.0.5 as follows

emerge sync
emerge phpbb
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
robbat2@gentoo.org
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+/fjyfT7nyhUpoZMRAq+RAJ4r4fijIo8hJaEJq/p0DIgeRoAobQCeJBQr
to/2NXfPD4yTEGDjhd+B4EQ=
=Ybzs
-----END PGP SIGNATURE-----
(Log in to post comments)