[SECURITY] [DSA 5029-1] sogo security update

2021-12-2213:59:07

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

64.8%

JSON

Debian Security Advisory DSA-5029-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 22, 2021 https://www.debian.org/security/faq

Package : sogo
CVE ID : CVE-2021-33054

It was discovered that missing SAML signature validation in the SOGo
groupware could result in impersonation attacks.

For the oldstable distribution (buster), this problem has been fixed
in version 4.0.7-1+deb10u2.

For the stable distribution (bullseye), this problem has been fixed in
version 5.0.1-4+deb11u1.

We recommend that you upgrade your sogo packages.

For the detailed security status of sogo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sogo

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9i386sogo< 3.2.6-2+deb9u1sogo_3.2.6-2+deb9u1_i386.deb
Debian11allsogo< 5.0.1-4+deb11u1sogo_5.0.1-4+deb11u1_all.deb
Debian10armhfsogo-dbgsym< 4.0.7-1+deb10u2sogo-dbgsym_4.0.7-1+deb10u2_armhf.deb
Debian10mipselsogo-dbgsym< 4.0.7-1+deb10u2sogo-dbgsym_4.0.7-1+deb10u2_mipsel.deb
Debian11amd64sogo< 5.0.1-4+deb11u1sogo_5.0.1-4+deb11u1_amd64.deb
Debian10mipselsogo< 4.0.7-1+deb10u2sogo_4.0.7-1+deb10u2_mipsel.deb
Debian11mipselsogo-dbgsym< 5.0.1-4+deb11u1sogo-dbgsym_5.0.1-4+deb11u1_mipsel.deb
Debian10arm64sogo< 4.0.7-1+deb10u2sogo_4.0.7-1+deb10u2_arm64.deb
Debian11s390xsogo< 5.0.1-4+deb11u1sogo_5.0.1-4+deb11u1_s390x.deb
Debian10amd64sogo< 4.0.7-1+deb10u2sogo_4.0.7-1+deb10u2_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	i386	sogo	< 3.2.6-2+deb9u1	sogo_3.2.6-2+deb9u1_i386.deb
Debian	11	all	sogo	< 5.0.1-4+deb11u1	sogo_5.0.1-4+deb11u1_all.deb
Debian	10	armhf	sogo-dbgsym	< 4.0.7-1+deb10u2	sogo-dbgsym_4.0.7-1+deb10u2_armhf.deb
Debian	10	mipsel	sogo-dbgsym	< 4.0.7-1+deb10u2	sogo-dbgsym_4.0.7-1+deb10u2_mipsel.deb
Debian	11	amd64	sogo	< 5.0.1-4+deb11u1	sogo_5.0.1-4+deb11u1_amd64.deb
Debian	10	mipsel	sogo	< 4.0.7-1+deb10u2	sogo_4.0.7-1+deb10u2_mipsel.deb
Debian	11	mipsel	sogo-dbgsym	< 5.0.1-4+deb11u1	sogo-dbgsym_5.0.1-4+deb11u1_mipsel.deb
Debian	10	arm64	sogo	< 4.0.7-1+deb10u2	sogo_4.0.7-1+deb10u2_arm64.deb
Debian	11	s390x	sogo	< 5.0.1-4+deb11u1	sogo_5.0.1-4+deb11u1_s390x.deb
Debian	10	amd64	sogo	< 4.0.7-1+deb10u2	sogo_4.0.7-1+deb10u2_amd64.deb