Red Hat Bugzilla – Bug 1295836
CVE-2015-8747 CVE-2015-8748 radicale: Multiple security issues fixed in 1.1
Last modified: 2016-01-19 18:56:25 EST
Multiple security fixes, related mostly to improved input sanitization, appeared in the release of radicale 1.1:
* Improve the regex used for well-known URIs
* Prevent regex injection in rights management
* Prevent crafted HTTP request from calling arbitrary functions
* Improve URI sanitation and conversion to filesystem path
* Decouple the daemon from its parent environment
Created radicale tracking bugs for this issue:
Affects: fedora-all [bug 1295837]
Issues stated in the changelog can be overlapping; MITRE grouped these issues into two and assigned CVEs:
CVE-2015-8747 - The multifilesystem backend allows access to arbitrary files on all platforms.
CVE-2015-8748 - Prevent regex injection in rights management
radicale-1.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
radicale-1.1.1-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.