Security update for froxlor SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0450-1 Final 1 1 2021-03-19T19:05:59Z current 2021-03-19T19:05:59Z 2021-03-19T19:05:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for froxlor This update for froxlor fixes the following issues: - Upstream upgrade to version 0.10.23 (boo#846355) - Upstream upgrade to version 0.10.22 (boo#846355) - BuildRequire cron as this contains now the cron directories - Use %license for COPYING file instead of %doc [boo#1082318] Upstream upgrade to version 0.9.40.1 (boo#846355) new features besides API that found their way in: - 2FA / TwoFactor Authentication for accounts - MySQL8 compatibility - new implementation of Let's Encrypt (acme.sh) - customizable error/access log handling for webserver (format, level, pipe-to-script, etc.) - lots and lots of bugfixes and small enhancements Upstream upgrade to version 0.9.39.5 (boo#846355) - PHP rand function for random number generation fixed in previous version (boo#1025193) CVE-2016-5100 - upstream upgrade to version 0.9.39 (boo#846355) - Add and change of froxlor config files and manual - Change Requires to enable use with php7 This update was imported from the openSUSE:Leap:15.2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-450 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7YQHL4MI6XNUZ25CJOTEP4PACP46MIOF/ E-Mail link for openSUSE-SU-2021:0450-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1025193 SUSE Bug 1025193 https://bugzilla.suse.com/1082318 SUSE Bug 1082318 https://bugzilla.suse.com/846355 SUSE Bug 846355 https://bugzilla.suse.com/958100 SUSE Bug 958100 https://www.suse.com/security/cve/CVE-2016-5100/ SUSE CVE CVE-2016-5100 page SUSE Package Hub 15 SP2 froxlor-0.10.23-bp152.4.3.1 froxlor-0.10.23-bp152.4.3.1 as a component of SUSE Package Hub 15 SP2 Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. CVE-2016-5100 SUSE Package Hub 15 SP2:froxlor-0.10.23-bp152.4.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7YQHL4MI6XNUZ25CJOTEP4PACP46MIOF/ https://www.suse.com/security/cve/CVE-2016-5100.html CVE-2016-5100 https://bugzilla.suse.com/1025193 SUSE Bug 1025193