Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5399-1] odoo security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5399-1] odoo security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Sebastien Delafond <seb AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5399-1] odoo security update
  • Date: Fri, 05 May 2023 12:02:38 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1puu90-008oOE-Fh AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=KmEUefDnPYwD+bI/I7kJ0kCFx0YMiL+0Oa0grnd73ts=; b=vb xF5pSQfUo2edigh8QiNQMCkiZECdRKmu/NOfptzV5oxKNiROfWv4rPBnxutOaqLlLANFh8igVLbKs vWD6FcGPsSuCQsnkmH3pMqZ49o3JFQaczfY+JJrwlEW3DPsuSPFsm5ScHTTGt+iX8yopFbfgGbWR+ 74YYNLZ3ar+KYcuGrMtBx/GWn3JH8q44WXWa8qzJ7T3UptMttDtSM1Va4bWe4FB4xZ5H2rVl14H1e meeI6HAzu520UbI/QwvlWqTE9g0AQJ5Yvh8Z99KpnGmw3IsqDSKeCsqzjY6PXwM9LOl09Uizd2TgX LQiiw3NQaVSg8+Q/qkWI3psXTxZkQeig==;
  • Old-return-path: <seb AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 5 May 2023 12:03:03 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <e4CVeasMFXN.A.ZP.3BPVkB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5399-1 security AT debian.org
https://www.debian.org/security/ Sebastien Delafond
May 05, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : odoo
CVE ID : CVE-2021-23166 CVE-2021-23176 CVE-2021-23178 CVE-2021-23186
CVE-2021-23203 CVE-2021-26263 CVE-2021-26947 CVE-2021-44476
CVE-2021-44775 CVE-2021-45071 CVE-2021-45111

Several vulnerabilities were discovered in odoo, a suite of web based
open source business apps.

CVE-2021-44775, CVE-2021-26947, CVE-2021-45071, CVE-2021-26263:

XSS allowing remote attacker to inject arbitrary commands.

CVE-2021-45111:

Incorrect access control allowing authenticated remote user to
create user accounts and access restricted data.

CVE-2021-44476, CVE-2021-23166:

Incorrect access control allowing authenticated remote administrator
to access local files on the server.

CVE-2021-23186:

Incorrect access control allowing authenticated remote administrator
to modify database contents of other tenants.

CVE-2021-23178:

Incorrect access control allowing authenticated remote user to
use another user's payment method.

CVE-2021-23176:

Incorrect access control allowing authenticated remote user to
access accounting information.

CVE-2021-23203:

Incorrect access control allowing authenticated remote user to
access arbitrary documents via PDF exports.

For the stable distribution (bullseye), these problems have been fixed in
version 14.0.0+dfsg.2-7+deb11u1.

We recommend that you upgrade your odoo packages.

For the detailed security status of odoo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/odoo

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmRU7kEACgkQEL6Jg/PV
nWTQrAf+K6CpxmFeKM/7G70xafsw+lLu4UlaoLYUh55rgsFd9/YHUuwCHiCmoP1P
4GnVJkNu6qj8rW1EReUtKZ76XQTLsD9ZxgM6tFBGA9EDi0hPjR4KEI7jtdXjx9ro
8LOyu51xeqoraKTmkPw+EnUCWCjutH78l8y9ywqHORQI0WM9Q2Zh0fHJz1c+2uzd
HqFvo1brOgu7zkI3luH8IjEHpCHpUVbe8rTnY0g2PSrZott/k0fIZ8qNSzyfG7ah
R5auoI5y+z5TusByKWnQ48jQCbU8WeqXaQUqT/pGtjGz9ljClTwDkmqqv/6BNnyF
Et5uV+Yn6UWsxXUcz6u9CwOzkrpVxA==
=KDFV
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5399-1] odoo security update, Sebastien Delafond, 05.05.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang