[ MDVSA-2012:014 ] glpi



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:014
http://www.mandriva.com/security/
_______________________________________________________________________

Package : glpi
Date : February 6, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in GLPI:

The autocompletion functionality in GLPI before 0.80.2 does not
blacklist certain username and password fields, which allows remote
attackers to obtain sensitive information via a crafted POST request
(CVE-2011-2720).

This advisory provides the latest version of GLPI (0.80.6) which are
not vulnerable to this issue. Additionally the latest versions of
the corresponding plugins are also being provided.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2720
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
c7f395789eb64eb9e0ffc4342a99ed55 mes5/i586/glpi-0.80.6-0.1mdvmes5.2.noarch.rpm
078100b3f360e6582e87298a81145f1a mes5/i586/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.noarch.rpm
53890496416d72fdd51b2057ae1a1f3c mes5/i586/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.noarch.rpm
a708034532f947e7a63af7c2c621d0ce mes5/i586/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.noarch.rpm
fd71716b4725f241bd4f0e84a8758202 mes5/i586/glpi-plugin-fusioninventory-deploy-2.4.0-0.1mdvmes5.2.noarch.rpm
00c3905d1ebe05f496302681371b5caa mes5/i586/glpi-plugin-fusioninventory-inventory-2.4.0-0.1mdvmes5.2.noarch.rpm
4e34bd20f1e30ef96ea5dfcf0a8fe7cb mes5/i586/glpi-plugin-fusioninventory-snmp-2.4.0-0.1mdvmes5.2.noarch.rpm
cd03c2b5099971e730f17dc9d882a564 mes5/i586/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.noarch.rpm
8964b51517e131d3f07a0ee4bc38ef22 mes5/i586/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.noarch.rpm
b3c462fef41e1878b41f7355a84d59e4 mes5/i586/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.noarch.rpm
2301fd4253cfdfc61422f2defabe6cb6 mes5/i586/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.noarch.rpm
f0f0842991e24b58c0e348dbd836d767 mes5/i586/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.noarch.rpm
7288cd69af6d5848a373b2628c69bc66 mes5/i586/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.noarch.rpm
955fbca4fe60125b3e19bac2fb333376 mes5/i586/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.noarch.rpm
1d11c45cea71dd7730eee4439f48ef05 mes5/SRPMS/glpi-0.80.6-0.1mdvmes5.2.src.rpm
87c1748b9a0391655babc46ff5b85405 mes5/SRPMS/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.src.rpm
af029f6e1c9397d9e48c8f5bbe4169c3 mes5/SRPMS/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.src.rpm
0776abf6bf577c5250898152c306b6e6 mes5/SRPMS/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.src.rpm
332327381f568a1874959649c4c90d10 mes5/SRPMS/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.src.rpm
23fe81b495620dd3b585c379159a4356 mes5/SRPMS/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.src.rpm
f278b793d1da40e30d5ca6b48dd10d57 mes5/SRPMS/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.src.rpm
d1ae9d8e59075559ff9bf258585142de mes5/SRPMS/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.src.rpm
afb9113a0043b01cd6ae20aee54836d0 mes5/SRPMS/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.src.rpm
4cb6f5e63f60eb123e9c934f26361b13 mes5/SRPMS/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.src.rpm
fadf8996860cde48a9b22aa3d20173eb mes5/SRPMS/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
e29fd9e505428488ebdc44bbd9a8ef85 mes5/x86_64/glpi-0.80.6-0.1mdvmes5.2.noarch.rpm
736f66685b8abf7bd50d991467641c4f mes5/x86_64/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.noarch.rpm
6b729ce24cf97bdedc4592222899df51 mes5/x86_64/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.noarch.rpm
b38dff9e035640be7e391fff3b353bfd mes5/x86_64/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.noarch.rpm
7b27d4ece0c54032c55602a1688ecbd7 mes5/x86_64/glpi-plugin-fusioninventory-deploy-2.4.0-0.1mdvmes5.2.noarch.rpm
b153b807be6f6e1ed585e656ccb0fa20 mes5/x86_64/glpi-plugin-fusioninventory-inventory-2.4.0-0.1mdvmes5.2.noarch.rpm
b75527a8b2bbc79bb7f441465f3962e2 mes5/x86_64/glpi-plugin-fusioninventory-snmp-2.4.0-0.1mdvmes5.2.noarch.rpm
7a1758ad413b72d537bf623697751ceb mes5/x86_64/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.noarch.rpm
bbc1b138b488a08f4d67fb077808892e mes5/x86_64/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.noarch.rpm
892a7f48b8e809a8746b564f85b13a92 mes5/x86_64/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.noarch.rpm
6cad8a2f9f8c17135f996317d5e23845 mes5/x86_64/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.noarch.rpm
95c066f7b2f13b06332da9807ebdeef5 mes5/x86_64/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.noarch.rpm
4d19a6dda012a3c7599e133b93728d80 mes5/x86_64/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.noarch.rpm
d786be82c4669422ab2b67e6cdbe6fe7 mes5/x86_64/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.noarch.rpm
1d11c45cea71dd7730eee4439f48ef05 mes5/SRPMS/glpi-0.80.6-0.1mdvmes5.2.src.rpm
87c1748b9a0391655babc46ff5b85405 mes5/SRPMS/glpi-plugin-archires-1.9.1-0.1mdvmes5.2.src.rpm
af029f6e1c9397d9e48c8f5bbe4169c3 mes5/SRPMS/glpi-plugin-datainjection-2.1.2-0.1mdvmes5.2.src.rpm
0776abf6bf577c5250898152c306b6e6 mes5/SRPMS/glpi-plugin-fusioninventory-2.4.0-0.1mdvmes5.2.src.rpm
332327381f568a1874959649c4c90d10 mes5/SRPMS/glpi-plugin-genericobject-2.0.1-0.1mdvmes5.2.src.rpm
23fe81b495620dd3b585c379159a4356 mes5/SRPMS/glpi-plugin-manufacturersimports-1.4.1-0.1mdvmes5.2.src.rpm
f278b793d1da40e30d5ca6b48dd10d57 mes5/SRPMS/glpi-plugin-massocsimport-1.5.2-0.1mdvmes5.2.src.rpm
d1ae9d8e59075559ff9bf258585142de mes5/SRPMS/glpi-plugin-racks-1.2.0-0.1mdvmes5.2.src.rpm
afb9113a0043b01cd6ae20aee54836d0 mes5/SRPMS/glpi-plugin-reports-1.5.0-0.1mdvmes5.2.src.rpm
4cb6f5e63f60eb123e9c934f26361b13 mes5/SRPMS/glpi-plugin-webservices-1.2.0-0.1mdvmes5.2.src.rpm
fadf8996860cde48a9b22aa3d20173eb mes5/SRPMS/perl-Parallel-ForkManager-0.7.9-0.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPL/hKmqjQ0CJFipgRAmPqAJ9z3UK7UzfWJy5qax1St6uY3ZAM/ACg6v7T
3Z9myGeq0S6DAqIk3ctP1Cs=
=TLKh
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2012:014 ] glpi
    ... Affected: Enterprise Server 5.0 ... A vulnerability has been found and corrected in GLPI: ... Mandriva Enterprise Server 5/X86_64: ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2013:234 ] python-django
    ... Business Server 1.0, Enterprise Server 5.0 ... A vulnerability has been discovered and corrected in python-django: ... The updated packages have been patched to correct this issue. ... Mandriva Enterprise Server 5/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2013:234 ] python-django
    ... Business Server 1.0, Enterprise Server 5.0 ... A vulnerability has been discovered and corrected in python-django: ... The updated packages have been patched to correct this issue. ... Mandriva Enterprise Server 5/X86_64: ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2013:151 ] curl
    ... Business Server 1.0, Enterprise Server 5.0 ... Updated curl packages fix security vulnerability: ... Mandriva Enterprise Server 5/X86_64: ... All packages are signed by Mandriva for security. ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2009:242-1 ] dovecot
    ... Affected: Enterprise Server 5.0 ... a different vulnerability than CVE-2009-2632 ... Packages for Enterprise 5 i586 were missing with the previous ... Mandriva Enterprise Server 5/X86_64: ...
    (Full-Disclosure)