Support / Security / Advisories / Corporate Server 3.0 / MDVSA-2009:265

Package name: egroupware
Date: 2009-10-09
Advisory ID: MDVSA-2009:265
Affected versions: CS3.0 i586 , CS3.0 x86_64

Problem description

A vulnerability has been found and corrected in egroupware:

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php
in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5,
and other products, allows remote attackers to bypass HTML filtering
and conduct cross-site scripting (XSS) attacks via a string containing
crafted URL protocols (CVE-2008-1502).

This update fixes this vulnerability.

Updated packages

CS3.0 i586

 457cecc72afa918120321a8966612252  corporate/3.0/i586/egroupware-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 0581c150f34223ffca619cb51a9b3ef8  corporate/3.0/i586/egroupware-addressbook-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 08f5a493d2f53eff97a2ed67591704ca  corporate/3.0/i586/egroupware-backup-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 85683fa17c424fb5a55197f03f03ad25  corporate/3.0/i586/egroupware-bookmarks-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 e2ed0858b7692e20238c47408ac4cd0f  corporate/3.0/i586/egroupware-calendar-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 6324ffa9329f3b90aaa075c33ba95e61  corporate/3.0/i586/egroupware-comic-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 247cbc3ad35a1d4a69a6b46910441a59  corporate/3.0/i586/egroupware-developer_tools-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 6f8eed40950dd65ca34b0a998ab14388  corporate/3.0/i586/egroupware-email-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 d3f57d5a42c13a1b6cdc5494143b1958  corporate/3.0/i586/egroupware-emailadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 4b7f9febbb027a18f16644f9635d7639  corporate/3.0/i586/egroupware-etemplate-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 4c087d8bd698af8bcddf6ec5d5b9cbf7  corporate/3.0/i586/egroupware-felamimail-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 9f84311b59999ee63c22a7794b8dab6e  corporate/3.0/i586/egroupware-filemanager-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 b74266537b1565e258fa4484917d2a82  corporate/3.0/i586/egroupware-forum-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 775bb85355c1f19829637f3700c65b66  corporate/3.0/i586/egroupware-ftp-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 a6f713c7982319808a0c6c2204988947  corporate/3.0/i586/egroupware-fudforum-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 b587eb709eb5d12aa71c054bbeb3cd9d  corporate/3.0/i586/egroupware-headlines-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 4507af2a59419333564d75579fc2f4fc  corporate/3.0/i586/egroupware-infolog-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 960d63bb470afc2f8f7b866d1191cfea  corporate/3.0/i586/egroupware-jinn-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 6457a2d31a8c65e0f88e73b55e95cf6d  corporate/3.0/i586/egroupware-messenger-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 5959c5074191b873a402e1ac15419a82  corporate/3.0/i586/egroupware-news_admin-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 aadbc64a9d9e3b6f86b0e3b41fc9da05  corporate/3.0/i586/egroupware-phpbrain-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 3f275d83b180588ad727de61833487d1  corporate/3.0/i586/egroupware-phpldapadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 cbef9b0eca2cb8df009353040410849d  corporate/3.0/i586/egroupware-phpsysinfo-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 a9061f5c1f25c66b77f8043c03620da3  corporate/3.0/i586/egroupware-polls-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 74f044f22be1d7520e97b652360aa1b1  corporate/3.0/i586/egroupware-projects-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 800ff5ee14285e839c62ec6dec76fc3c  corporate/3.0/i586/egroupware-registration-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 1f379d0b2271ac427313d86376f30cad  corporate/3.0/i586/egroupware-sitemgr-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 15175bdf831db5c417638eadcb96e4f1  corporate/3.0/i586/egroupware-skel-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 06b659a78f167ea7f6692c322ebb82f1  corporate/3.0/i586/egroupware-stocks-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 45611686d1b08f132114896141b3d784  corporate/3.0/i586/egroupware-tts-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 ac829be87dfb4a749e7fa3b922ab6b92  corporate/3.0/i586/egroupware-wiki-1.0-0.RC3.1.2.C30mdk.noarch.rpm 
 be589dc7a30d06b98bb1289b7cee3403  corporate/3.0/SRPMS/egroupware-1.0-0.RC3.1.2.C30mdk.src.rpm

CS3.0 x86_64

 b30fe0bd3e13fdf0386a81aa8b81617d  corporate/3.0/x86_64/egroupware-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 3a3bfbe5d9bd6a1b1d2a0ce8118b53c9  corporate/3.0/x86_64/egroupware-addressbook-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 6353c98b4a4c46216450c6498a214549  corporate/3.0/x86_64/egroupware-backup-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 36f06dfc8b91aed12694802965f3b7d5  corporate/3.0/x86_64/egroupware-bookmarks-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 9051a4cdc2c47e81dedcd4056eecc492  corporate/3.0/x86_64/egroupware-calendar-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 131d9ad04d823549de81b41ff4c75f56  corporate/3.0/x86_64/egroupware-comic-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 c8a6afa0a901bd7824fca20fe58551ff  corporate/3.0/x86_64/egroupware-developer_tools-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 55a1f6d1923622da3a6612df1194229e  corporate/3.0/x86_64/egroupware-email-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 607efd47c3f2e5508213de801b53f391  corporate/3.0/x86_64/egroupware-emailadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 d272ee42a96610be9fa72fde8776e21b  corporate/3.0/x86_64/egroupware-etemplate-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 21c040a81e2dd0c9cc2e36843733e94e  corporate/3.0/x86_64/egroupware-felamimail-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 2e41be9121952a53e0544ac5b23e8c59  corporate/3.0/x86_64/egroupware-filemanager-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 9a3f46cd1b0dc84e91c216d3e2071a4d  corporate/3.0/x86_64/egroupware-forum-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 4b6bd72f0be235f3393f0c2e1e8790e6  corporate/3.0/x86_64/egroupware-ftp-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 be11a023d3f373461108272d209a0b3f  corporate/3.0/x86_64/egroupware-fudforum-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 b019690736397b725705eef1d6eba642  corporate/3.0/x86_64/egroupware-headlines-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 57cf67c08141dd7cf7c675b798b4d80e  corporate/3.0/x86_64/egroupware-infolog-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 cd1278df8d05e8cf781a0c0d11ea0e5a  corporate/3.0/x86_64/egroupware-jinn-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 920f2fb5eda49d91573ef6d7f82c7d5d  corporate/3.0/x86_64/egroupware-messenger-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 8b5769f47bf947ddeb701437a0eaf51f  corporate/3.0/x86_64/egroupware-news_admin-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 7789c81159e504118cef48f2626b6aa3  corporate/3.0/x86_64/egroupware-phpbrain-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 3d3289b103d7867fb7d327d6723502e6  corporate/3.0/x86_64/egroupware-phpldapadmin-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 78bb39299236072dbc9feb0d52dcfa19  corporate/3.0/x86_64/egroupware-phpsysinfo-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 90d5b9cf520118d0faedfd40b897b120  corporate/3.0/x86_64/egroupware-polls-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 a5aeff0e59c2bbd9c30e1ed111ab2938  corporate/3.0/x86_64/egroupware-projects-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 7c1d1c2070094b5ded1f8f384039c96c  corporate/3.0/x86_64/egroupware-registration-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 d586dba8a8def827884913480020c356  corporate/3.0/x86_64/egroupware-sitemgr-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 10181ff6e3fce90704067254d94b657f  corporate/3.0/x86_64/egroupware-skel-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 22cf8d7faca70d766227ba42dcb776e7  corporate/3.0/x86_64/egroupware-stocks-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 c0635ca0d4ae5d0efe80c8b5ed344bf7  corporate/3.0/x86_64/egroupware-tts-1.0-0.RC3.1.2.C30mdk.noarch.rpm
 fb83084b226436fd61008220b27a3925  corporate/3.0/x86_64/egroupware-wiki-1.0-0.RC3.1.2.C30mdk.noarch.rpm 
 be589dc7a30d06b98bb1289b7cee3403  corporate/3.0/SRPMS/egroupware-1.0-0.RC3.1.2.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502