Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-989-1:B3815
HistoryMar 09, 2006 - 8:55 a.m.

[SECURITY] [DSA 989-1] New zoph packages fix SQL injection

2006-03-0908:55:11
lists.debian.org
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA 989-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
March 9th, 2006 http://www.debian.org/security/faq

Package : zoph
Vulnerability : SQL injection
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-0402
Debian Bug : 350717

Neil McBride discovered that Zoph, a web based photo management system
performs insufficient sanitising for input passed to photo searches, which
may lead to the execution of SQL commands through a SQL injection attack.

The old stable distribution (woody) does not contain zoph packages.

For the stable distribution (sarge) this problem has been fixed in
version 0.3.3-12sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.5-1.

We recommend that you upgrade your zoph package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1.dsc
  Size/MD5 checksum:      570 ce9957fa5af8115a5aec530aabe6847f
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1.diff.gz
  Size/MD5 checksum:    53959 7c37d28798981a054c634cca92122199
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3.orig.tar.gz
  Size/MD5 checksum:   153902 5ff9d8e182e16d53e0511b6d51da8521

Architecture independent components:

http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1_all.deb
  Size/MD5 checksum:   172190 a185b3cba99ea4bc0f46c73b68bb5a46

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3.1allzoph< 0.3.3-12sarge1zoph_0.3.3-12sarge1_all.deb

Related

nessus 1
openvas 2
debian 1
debiancve 1
cve 1
securityvulns 1
prion 1
ubuntucve 1
nessus
nessus
Debian DSA-989-1 : zoph - SQL injection
2006-10-14 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-989-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 989-1 (zoph)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 989-1] New zoph packages fix SQL injection
2006-03-09 00:00:00
debiancve
debiancve
CVE-2006-0402
2006-01-25 02:03:00
cve
cve
CVE-2006-0402
2006-01-25 02:03:00
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 989-1] New zoph packages fix SQL injection
2006-03-09 00:00:00
prion
prion
Sql injection
2006-01-25 02:03:00
ubuntucve
ubuntucve
CVE-2006-0402
2006-01-25 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-989-1:B3815
nessus1openvas2debian1debiancve1cve1securityvulns1prion1ubuntucve1