Security vulnerabilities in the redmine software package

==========================================================================
Ubuntu Security Notice USN-4200-1
November 26, 2019

redmine vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in redmine.

Software Description:
- redmine: flexible project management web application

Details:

It was discovered that Redmine incorrectly handled certain inputs that could
cause Textile formatting errors. An attacker could possibly use this issue to
cause an XSS attack. (CVE-2019-17427)

It was discovered that an SQL injection could allow users to access protected
information via a crafted object query. (CVE-2019-18890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
redmine 4.0.1-2ubuntu0.1
redmine-mysql 4.0.1-2ubuntu0.1
redmine-pgsql 4.0.1-2ubuntu0.1
redmine-sqlite 4.0.1-2ubuntu0.1

Ubuntu 18.04 LTS:
redmine 3.4.4-1ubuntu0.1
redmine-mysql 3.4.4-1ubuntu0.1
redmine-pgsql 3.4.4-1ubuntu0.1
redmine-sqlite 3.4.4-1ubuntu0.1

Ubuntu 16.04 LTS:
redmine 3.2.1-2ubuntu0.2
redmine-mysql 3.2.1-2ubuntu0.2
redmine-pgsql 3.2.1-2ubuntu0.2
redmine-sqlite 3.2.1-2ubuntu0.2

In general, a standard system update will make all the necessary changes.
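
To confirm that a host actually carries the fixed packages listed above, the following added example (not part of the original notice) compares installed versions against the per-release fixed versions. The function names are hypothetical, and it assumes `dpkg` and `dpkg-query` are available, as on any Ubuntu system.

```shell
#!/bin/sh
# Added example: check redmine package versions against USN-4200-1.
# Function names are illustrative; the fixed versions come from the notice.

# Map an Ubuntu release (VERSION_ID in /etc/os-release) to its fixed version.
usn4200_fixed_version() {
    case "$1" in
        19.04) echo "4.0.1-2ubuntu0.1" ;;
        18.04) echo "3.4.4-1ubuntu0.1" ;;
        16.04) echo "3.2.1-2ubuntu0.2" ;;
        *)     return 1 ;;   # release not covered by this notice
    esac
}

# usn4200_status RELEASE INSTALLED_VERSION
# Prints "patched", "needs-update" or "unknown-release".
usn4200_status() {
    fixed=$(usn4200_fixed_version "$1") || { echo "unknown-release"; return 2; }
    # dpkg applies Debian version ordering, so 3.4.4-1 < 3.4.4-1ubuntu0.1.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    else
        echo "needs-update"
        return 1
    fi
}

# Report the status of every redmine package installed on this host.
usn4200_check_host() {
    release=$(. /etc/os-release && echo "$VERSION_ID")
    for pkg in redmine redmine-mysql redmine-pgsql redmine-sqlite; do
        # Skip packages that are not installed.
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        [ -n "$ver" ] || continue
        printf '%s %s: %s\n' "$pkg" "$ver" "$(usn4200_status "$release" "$ver")"
    done
}
```

Source the file and run `usn4200_check_host` on each affected host; any line ending in `needs-update` means the package predates the fix for CVE-2019-17427 and CVE-2019-18890.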

References:
https://usn.ubuntu.com/4200-1
CVE-2019-17427, CVE-2019-18890

Package Information:
https://launchpad.net/ubuntu/+source/redmine/4.0.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/redmine/3.4.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/redmine/3.2.1-2ubuntu0.2