USN-4590-1: Collabtive vulnerability

19 October 2020

Collabtive could be made to run programs if it received specially crafted network traffic from an authenticated user.

Releases

Packages

  • collabtive - Web-based project management software

Details

It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References