Joined: 12 May 2004
|Posted: Mon Nov 13, 2017 12:26 am Post subject: [ GLSA 201711-12 ] eGroupWare
|Gentoo Linux Security Advisory
Title: eGroupWare: Remote code execution (GLSA 201711-12)
Multiple vulnerabilities have been found in eGroupWare, the worst
of which allows remote attackers to execute arbitrary code.
eGroupWare is a suite of web-based group applications including
calendar, address book, messenger and email.
Vulnerable: <= 1.8.004.20120613
Architectures: All supported architectures
It was found that eGroupWare contains multiple code injection
vulnerabilities in multiple parameters and routes because of improper
A remote attacker could execute arbitrary code, delete arbitrary files
or inject arbitrary PHP objects via multiple routes.
There is no known workaround at this time.
Gentoo has discontinued support for eGroupWare and recommends that users
unmerge the package:
|# emerge --unmerge "www-apps/egroupware"
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 2 times in total