Package "gosa"

Name: gosa


Web Based LDAP Administration Program

Latest version: 2.7.4+reloaded2-9ubuntu1.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: https://oss.gonicus.de/labs/gosa/


Other versions of "gosa" in Xenial

Repository Area Version
base universe 2.7.4+reloaded2-9ubuntu1
security universe 2.7.4+reloaded2-9ubuntu1.1


Version: 2.7.4+reloaded2-9ubuntu1.1 2020-10-28 21:06:18 UTC

  gosa (2.7.4+reloaded2-9ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Server-Side Reflected XSS vulnerability
    - debian/patches/0013_escape-html-entities-for-uid-to-avoid-code-execution-
      CVE-2018-1000528.patch: Sanitize the uid POST parameter in
    - CVE-2018-1000528
  * SECURITY UPDATE: Incorrect Access Control
    - debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch: Use a
      stricter error check in ldap::success()
      of include/class_ldap.inc.
    - CVE-2019-11187
  * SECURITY UPDATE: PHP object injection vulnerability
    - debian/patches/1047_CVE-2019-14466-{1,2}_replace_unserialize_with_json_
      encode+json_decode.patch: Replace serialize/unserialize with
      json_encode/json_decode and perform type-checking on return value.
    - CVE-2019-14466

 -- Avital Ostromich <email address hidden> Wed, 14 Oct 2020 20:46:40 -0400

CVE-2018-1000528 GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password fo
CVE-2019-11187 Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing t
CVE-2019-14466 The GOsa_Filter_Settings cookie in GONICUS GOsa is vulnerable to PHP object injection, which allows a remote authenticated attacker to per