Bug#: 189607
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matt Fleming (RETIRED) <mjf@gentoo.org>

Description:   Opened: 2007-08-20 15:45 0000
Some vulnerabilities have been reported in Ampache, which can be
exploited by malicious users to conduct SQL injection attacks and by
malicious people to conduct session fixation attacks.

1) Input passed to the "match" parameter in albums.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) An error in the session handling code can be exploited to hijack
another user's session by tricking the user into logging in after
following a specially crafted link.

The vulnerabilities are reported in versions prior to 3.3.3.5.
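
Added example for item 1, not part of the original report and not Ampache's code: a Python/sqlite3 model of a "match" filter built by string concatenation beside a bound-parameter version, plus a regression check that a quote character is treated as data. The table, column and function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample catalogue; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE album (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO album (name) VALUES (?)",
                   [("Abbey Road",), ("Aja",), ("Blue",), ("100% Hits",)])
    return db

def albums_concat(db, match):
    # Weak form: the request value is spliced into the SQL text, so any
    # quote character in it is parsed as SQL syntax rather than data.
    sql = "SELECT name FROM album WHERE name LIKE '" + match + "%' ORDER BY name"
    return [row[0] for row in db.execute(sql)]

def albums_bound(db, match):
    # Hardened form: the value is bound as a parameter. LIKE wildcards in
    # the input are escaped so "%" and "_" match only themselves.
    esc = match.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM album WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in db.execute(sql, (esc + "%",))]

def treats_input_as_sql(query_fn, db):
    """Regression check: a lone quote must be handled as data, not syntax."""
    try:
        query_fn(db, "A'")
    except sqlite3.OperationalError:
        return True   # the quote reached the SQL parser
    return False
```
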
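
Added example for item 2, not part of the original report and not Ampache's code: a minimal Python session table showing why a session id that survives login allows fixation, and how issuing a fresh id at login closes it. The class, method names and the sample id are assumptions made for illustration.

```python
import secrets

class SessionStore:
    """Minimal server-side session table (a stand-in, not Ampache's code)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}          # session id -> logged-in user or None

    def visit(self, presented_sid=None):
        """Handle a request carrying an optional session id; return the id used."""
        if presented_sid in self.sessions:
            return presented_sid
        if presented_sid and not self.hardened:
            # Weak form: an id the server never issued is adopted as-is.
            sid = presented_sid
        else:
            sid = secrets.token_hex(16)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Authenticate the session; return the id the client holds afterwards."""
        if self.hardened:
            # Hardened form: the pre-login id is retired and a fresh one issued,
            # so an id known before authentication never becomes privileged.
            self.sessions.pop(sid, None)
            sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid)

def preset_id_gains_login(store, preset_sid, user):
    """True if an id chosen before login is authenticated after the user logs in."""
    sid = store.visit(preset_sid)
    store.login(sid, user)
    return store.user_for(preset_sid) == user
```
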

------- Comment #1 From Matt Fleming (RETIRED) 2007-08-20 15:47:49 0000 -------
CC'ing maintainers and setting whiteboard status.

------- Comment #2 From Pierre-Yves Rofes 2007-08-31 10:11:39 0000 -------
web-apps, version 3.3.3.5 is in the tree, is it ready for going stable? please
advise.

------- Comment #3 From Gunnar Wrobel 2007-09-03 06:56:18 0000 -------
Yes, it is ready. Please stabilize on amd64 ppc and x86

------- Comment #4 From Gunnar Wrobel 2007-09-03 07:25:46 0000 -------
cc'ing affected arches

------- Comment #5 From Pierre-Yves Rofes 2007-09-03 07:48:10 0000 -------
err, I think there was a problem with your cc'ing, and x86 seems already stable
:)
arches, please test and mark stable www-apps/ampache-3.3.3.5:
Target keywords are: "amd64 ppc x86"

------- Comment #6 From Thomas Anderson (tanderson) 2007-09-03 12:44:27 0000 -------
====amd64====

Installs+works.

Portage 2.1.2.12 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4,
2.6.17-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.17-gentoo-r8 x86_64 AMD Turion(tm) 64 Mobile Technology MT-37
Gentoo Base System release 1.12.9
Timestamp of tree: Sun, 02 Sep 2007 17:00:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/
/etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/terminfo"
CXXFLAGS="-march=athlon64 -O2 -pipe"
DISTDIR="/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://mirrors.acm.cs.rpi.edu/gentoo
http://distfiles.gentoo.org "
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi amd64 apache apache2 arts bash-completion berkdb cli contrarius
cracklib cran crypt cups dbus dvdread encode evo firefox gd glsa gpm iconv
inquisitio logrotate midi mmx mpeg mpeg2 mudflap mysql mysqli mythtv ncurses
nfs nls nptl nptlonly ogg openmp pcre perl php png portage python qa qt3support
readline reflection ruby session spl sse sse2 ssl svg tcpd tiff unicode ups usb
v4l v4l2 vfat vim-syntax xml xv zlib" ALSA_CARDS="ali5451 als4000 atiixp
atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801
hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem
ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug
file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate
route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="via"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #7 From Tobias Scherbaum 2007-09-03 18:09:45 0000 -------
ppc stable

------- Comment #8 From Christoph Mende 2007-09-04 11:34:01 0000 -------
amd64 stable

------- Comment #9 From Gunnar Wrobel 2007-09-04 13:02:13 0000 -------
removing web-apps

------- Comment #10 From Sune Kloppenborg Jeppesen 2007-09-08 15:41:01 0000 -------
This one is ready for GLSA vote. I vote YES.

------- Comment #11 From Pierre-Yves Rofes 2007-09-17 21:08:44 0000 -------
voting yes too, glsa request filed.

------- Comment #12 From Pierre-Yves Rofes 2007-10-13 11:49:11 0000 -------
GLSA 200710-13
