Описание
Security update for froxlor
This update for froxlor fixes the following issues:
-
Upstream upgrade to version 0.10.23 (boo#846355)
-
Upstream upgrade to version 0.10.22 (boo#846355)
-
BuildRequire cron as this contains now the cron directories
-
Use %license for COPYING file instead of %doc [boo#1082318]
Upstream upgrade to version 0.9.40.1 (boo#846355)
new features besides API that found their way in:
- 2FA / TwoFactor Authentication for accounts
- MySQL8 compatibility
- new implementation of Let's Encrypt (acme.sh)
- customizable error/access log handling for webserver (format, level, pipe-to-script, etc.)
- lots and lots of bugfixes and small enhancements
Upstream upgrade to version 0.9.39.5 (boo#846355)
- PHP rand function for random number generation fixed in previous version (boo#1025193) CVE-2016-5100
- upstream upgrade to version 0.9.39 (boo#846355)
- Add and change of froxlor config files and manual
- Change Requires to enable use with php7
Список пакетов
openSUSE Leap 15.2
froxlor-0.10.23-lp152.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0415-1
- SUSE Security Ratings
- SUSE Bug 1025193
- SUSE Bug 1082318
- SUSE Bug 846355
- SUSE Bug 958100
- SUSE CVE CVE-2016-5100 page
Описание
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
Затронутые продукты
openSUSE Leap 15.2:froxlor-0.10.23-lp152.4.3.1
Ссылки
- CVE-2016-5100
- SUSE Bug 1025193