Advisories » MGASA-2014-0221

Updated egroupware packages fix a cross site request forgery

Publication date: 17 May 2014
Modification date: 17 May 2014
Type: security
Affected Mageia releases : 3 , 4

Description

Updated egroupware packages fix security vulnerabilities:

eGroupWare before 1.8.007 allows logged in users with administrative
priviledges to remotely execute arbitrary commands on the server.  It is
also vulnerable to a cross site request forgery vulnerability that allows
creating new administrative users.
                

References

• http://www.egroupware.org/forum#nabble-td3997580
• http://www.egroupware.org/changelog
• https://bugs.mageia.org/show_bug.cgi?id=13334

SRPMS

4/core

• egroupware-1.8.007.20140506-1.mga4

3/core

• egroupware-1.8.007.20140506-1.mga3