Fedora alert FEDORA-2014-17520 (glpi)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 20 Update: glpi-0.84.8-3.fc20 | |
| Date: | Thu, 01 Jan 2015 08:54:02 +0000 | |
| Message-ID: | <20150101085419.18E39608764E@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-17520 2014-12-23 17:13:07 -------------------------------------------------------------------------------- Name : glpi Product : Fedora 20 Version : 0.84.8 Release : 3.fc20 URL : http://www.glpi-project.org/ Summary : Free IT asset management software Description : GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology. -------------------------------------------------------------------------------- Update Information: fix SQL injection -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Remi Collet <remi@fedoraproject.org> - 0.84.8-3 - fix SQL Injection CVE-2014-9258 * Fri Nov 7 2014 Remi Collet <remi@fedoraproject.org> - 0.84.8-2 - use httpd_var_lib_t selinux context for /var/lib/glpi - don't rely on system selinux policy in EPEL-7 - fix apache configuration when mod_php not enabled * Fri Oct 17 2014 Remi Collet <remi@fedoraproject.org> - 0.84.8-1 - update to 0.84.8 https://forge.indepnet.net/versions/1072 - rely on system SELinux policy (Fedora >= 20, EPEL-7) * Fri Jul 11 2014 Remi Collet <remi@fedoraproject.org> - 0.84.7-1 - update to 0.84.7 https://forge.indepnet.net/versions/1068 * Wed Jun 18 2014 Remi Collet <remi@fedoraproject.org> - 0.84.6-1 - update to 0.84.6 https://forge.indepnet.net/versions/1028 * Wed Feb 26 2014 Remi Collet <remi@fedoraproject.org> - 0.84.5-1 - update to 0.84.5 https://forge.indepnet.net/projects/glpi/versions/1011 * Wed Jan 22 2014 Remi Collet <remi@fedoraproject.org> - 0.84.4-1 - update to 0.84.4 https://forge.indepnet.net/projects/glpi/versions/993 * Tue Jan 21 2014 Remi Collet <remi@fedoraproject.org> - 0.84.3-2 - fix SELinux context #1032995 use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176166 - CVE-2014-9258 glpi: ajax/getDropdownValue.php SQL injection https://bugzilla.redhat.com/show_bug.cgi?id=1176166 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update glpi' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...