218625 CVE-2008-2041 2008-04-20 18:55 0000 www-apps/egroupware <1.4.004 File Upload Vulnerability (CVE-2008-2041) 2008-05-07 22:04:13 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/29790/ C1 [glsa] P2 major --- 1 smoothp9nguin@gmail.com security@gentoo.org web-apps@gentoo.org smoothp9nguin@gmail.com 2008-04-20 18:55:10 0000 Secunia: Description: A vulnerability has been reported in eGroupWare, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error related to FCKEditor. This can be exploited to e.g. upload malicious files and execute arbitrary PHP code, but requires that a directory is writable by the webserver. This may be related to: SA27123http://secunia.com/advisories/29790/ The vulnerability is reported in versions prior to 1.4.004. Solution: Update to version 1.4.004. hollow@gentoo.org 2008-04-25 11:44:02 0000 in cvs rbu@gentoo.org 2008-04-25 21:08:20 0000 Arches, please test and mark stable: =www-apps/egroupware-1.4.004 Target keywords : "alpha amd64 hppa ppc release x86" maekke@gentoo.org 2008-04-26 11:13:56 0000 amd64/x86 stable jer@gentoo.org 2008-04-26 15:18:57 0000 Stable for HPPA. armin76@gentoo.org 2008-04-27 18:42:20 0000 alpha stable dertobi123@gentoo.org 2008-04-28 17:04:44 0000 ppc stable pva@gentoo.org 2008-04-29 06:19:08 0000 Fixed in release snapshot. keytoaster@gentoo.org 2008-04-29 12:59:00 0000 GLSA request filed. vorlon@gentoo.org 2008-04-29 13:07:26 0000 might want to include bug 214212 in the GLSA py@gentoo.org 2008-05-07 22:04:13 0000 GLSA 200805-04