Advisories ยป MGASA-2014-0380

Updated zarafa packages fix multiple vulnerabilities

Publication date: 22 Sep 2014
Modification date: 22 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0103 , CVE-2014-5447 , CVE-2014-5448 , CVE-2014-5449 , CVE-2014-5450

Description

Updated zarafa packages fix security vulnerabilities:

Robert Scheck reported that Zarafa's WebAccess stored session information,
including login credentials, on-disk in PHP session files. This session file
would contain a user's username and password to the Zarafa IMAP server
(CVE-2014-0103).

Robert Scheck discovered that the Zarafa Collaboration Platform has multiple
incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449,
CVE-2014-5450).
                

References

SRPMS

4/core

3/core