Ubuntu alert USN-4590-1 (collabtive)

From:
               Avital Ostromich <avital.ostromich@canonical.com>
To:
               ubuntu-security-announce@lists.ubuntu.com
Subject:
               [USN-4590-1] Collabtive vulnerability
Date:
               Mon, 19 Oct 2020 14:14:18 -0400
Message-ID:
               <237d1be3-9abb-8bf0-8896-6e10d1220da5@canonical.com>
==========================================================================
Ubuntu Security Notice USN-4590-1
October 19, 2020

collabtive vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Collabtive could be made to run programs if it received
specially crafted network traffic from an authenticated user.

Software Description:
- collabtive: Web-based project management software

Details:

It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  collabtive                      2.0+dfsg-6ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4590-1
  CVE-2015-0258

Package Information:
  https://launchpad.net/ubuntu/+source/collabtive/2.0+dfsg-...

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...

From:		Avital Ostromich <avital.ostromich@canonical.com>
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-4590-1] Collabtive vulnerability
Date:		Mon, 19 Oct 2020 14:14:18 -0400
Message-ID:		<237d1be3-9abb-8bf0-8896-6e10d1220da5@canonical.com>