- Debian Security Advisory 5399-1
- Authored by Debian | Site debian.org
- Debian Linux Security Advisory 5399-1 - Several vulnerabilities were discovered in odoo, a suite of web based open source business apps.
- systems | linux, debian
- advisories | CVE-2021-23166, CVE-2021-23176, CVE-2021-23178, CVE-2021-23186, CVE-2021-23203, CVE-2021-26263, CVE-2021-26947, CVE-2021-44476, CVE-2021-44775, CVE-2021-45071, CVE-2021-45111
- SHA-256 | a78a32a70f46f783c8bb8aca34a81b71c9cd3fe2d62bc6fa0512471ff5737d66
-------------------------------------------------------------------------
Debian Security Advisory DSA-5399-1
https://www.debian.org/security/                       Sebastien Delafond
May 05, 2023                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : odoo
CVE ID         : CVE-2021-23166 CVE-2021-23176 CVE-2021-23178 CVE-2021-23186
                 CVE-2021-23203 CVE-2021-26263 CVE-2021-26947 CVE-2021-44476
                 CVE-2021-44775 CVE-2021-45071 CVE-2021-45111

Several vulnerabilities were discovered in odoo, a suite of web based
open source business apps.

CVE-2021-44775, CVE-2021-26947, CVE-2021-45071, CVE-2021-26263:

    XSS allowing remote attacker to inject arbitrary commands.

CVE-2021-45111:

    Incorrect access control allowing authenticated remote user to
    create user accounts and access restricted data.

CVE-2021-44476, CVE-2021-23166:

    Incorrect access control allowing authenticated remote administrator
    to access local files on the server.

CVE-2021-23186:

    Incorrect access control allowing authenticated remote administrator
    to modify database contents of other tenants.

CVE-2021-23178:

    Incorrect access control allowing authenticated remote user to
    use another user's payment method.

CVE-2021-23176:

    Incorrect access control allowing authenticated remote user to
    access accounting information.

CVE-2021-23203:

    Incorrect access control allowing authenticated remote user to
    access arbitrary documents via PDF exports.

For the stable distribution (bullseye), these problems have been fixed in
version 14.0.0+dfsg.2-7+deb11u1.

We recommend that you upgrade your odoo packages.

For the detailed security status of odoo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/odoo

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
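
An added example, not part of the Debian advisory: checking installed odoo package versions on bullseye hosts against the fixed version stated above, using Debian's version ordering (epoch, upstream version, revision, with digit runs compared numerically and `~` sorting first) instead of plain string comparison. The host names and installed versions are constructed sample data, and the function names are chosen for this example.

```python
import re
from itertools import zip_longest
FIXED = "14.0.0+dfsg.2-7+deb11u1"  # fixed bullseye version, from the advisory

def _order(c):
    """Weight of a non-digit character: '~' < end of run (0) < letters < other symbols."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    """Turn a version part into (non-digit weights + end marker, number) pairs."""
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"([^0-9]*)([0-9]*)", part)]

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    for x, y in zip_longest(_key(a), _key(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; a missing epoch counts as 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_compare(a, b):
    """Order two Debian version strings; returns -1, 0 or 1."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(installed, fixed=FIXED):  # True if installed sorts before the fix
    return deb_compare(installed, fixed) < 0

# Constructed inventory: host names and installed versions are sample data.
INVENTORY = {
    "erp-a": "14.0.0+dfsg.2-7",              # sorts before the fix
    "erp-b": "14.0.0+dfsg.2-7+deb11u1",      # exactly the fixed version
    "erp-c": "14.0.0+dfsg.2-7+deb11u1~rc1",  # '~' sorts before the bare version
    "erp-d": "14.0.0+dfsg.2-10",             # revision 10 > 7 numerically
}

def hosts_to_upgrade(inventory=INVENTORY):
    return sorted(h for h, v in inventory.items() if needs_upgrade(v))

if __name__ == "__main__":
    print(hosts_to_upgrade())
```

On a Debian host itself, `dpkg --compare-versions <installed> lt 14.0.0+dfsg.2-7+deb11u1` performs the same comparison.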


