Fedora alert FEDORA-2014-17508 (glpi)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 19 Update: glpi-0.83.9.1-5.fc19 | |
| Date: | Thu, 01 Jan 2015 08:58:01 +0000 | |
| Message-ID: | <20150101085818.2AB596087556@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-17508 2014-12-23 17:12:38 -------------------------------------------------------------------------------- Name : glpi Product : Fedora 19 Version : 0.83.9.1 Release : 5.fc19 URL : http://www.glpi-project.org/ Summary : Free IT asset management software Description : GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology. -------------------------------------------------------------------------------- Update Information: fix SQL injection -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Remi Collet <remi@fedoraproject.org> - 0.83.9.1-5 - fix SQL Injection CVE-2014-9258 * Thu Sep 12 2013 Remi Collet <remi@fedoraproject.org> - 0.83.9.1-4 - restrict access for install to local for security - drop bundled Flash files files, #1000251 - Add a missing requirement on crontabs to spec file * Tue Jun 25 2013 Remi Collet <remi@fedoraproject.org> - 0.83.9.1-1 - version 0.83.91 released (security) https://forge.indepnet.net/versions/show/928 * Thu Jun 20 2013 Remi Collet <remi@fedoraproject.org> - 0.83.9-1 - version 0.83.9 released (security and bugfix) https://forge.indepnet.net/projects/glpi/versions/915 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176166 - CVE-2014-9258 glpi: ajax/getDropdownValue.php SQL injection https://bugzilla.redhat.com/show_bug.cgi?id=1176166 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update glpi' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...