USN-4200-1: Redmine vulnerabilities
USN-4200-1: Redmine vulnerabilities redmine vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in redmine. Software Description redmine – flexible project management web application Details It was discovered that Redmine incorrectly handle certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause a XSS attack. (CVE-2019-17427) It was discovered that an SQL injection could allow users to access protected information via a crafted object query. (CVE-2019-18890) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 redmine – 4.0.1-2ubuntu0.1 redmine-mysql – 4.0.1-2ubuntu0.1 redmine-pgsql – 4.0.1-2ubuntu0.1 redmine-sqlite – 4.0.1-2ubuntu0.1 Ubuntu 18.04 LTS redmine – 3.4.4-1ubuntu0.1 redmine-mysql – 3.4.4-1ubuntu0.1 redmine-pgsql – 3.4.4-1ubuntu0.1 redmine-sqlite – 3.4.4-1ubuntu0.1 Ubuntu 16.04 LTS redmine – [ more… ]
