Lucene search

DebianDEBIAN:DLA-2949-1:91696

HistoryMar 15, 2022 - 10:55 a.m.

[SECURITY] [DLA 2949-1] spip security update

2022-03-1510:55:21

lists.debian.org

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Debian LTS Advisory DLA-2949-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
March 15, 2022 https://wiki.debian.org/LTS

Package : spip
Version : 3.1.4-4~deb9u5
CVE ID : CVE-2022-26846 CVE-2022-26847

It was discovered that SPIP, a website engine for publishing, would
allow a malicious user to execute arbitrary code.

For Debian 9 stretch, these problems have been fixed in version
3.1.4-4~deb9u5.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10allspip< 3.2.4-1+deb10u7spip_3.2.4-1+deb10u7_all.deb
Debian9allspip< 3.1.4-4~deb9u5spip_3.1.4-4~deb9u5_all.deb
Debian11allspip< 3.2.11-3+deb11u3spip_3.2.11-3+deb11u3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	spip	< 3.2.4-1+deb10u7	spip_3.2.4-1+deb10u7_all.deb
Debian	9	all	spip	< 3.1.4-4~deb9u5	spip_3.1.4-4~deb9u5_all.deb
Debian	11	all	spip	< 3.2.11-3+deb11u3	spip_3.2.11-3+deb11u3_all.deb