Debian DSA-1765-1 Critical: Horde3 Remote Threats Fixed
debian
April 8, 2009
Several vulnerabilities have been found in horde3, the horde web application framework
Summary
CVE-2009-0932
Gunnar Wrobel discovered a directory traversal vulnerability, which
allows attackers to include and execute arbitrary local files via the
driver parameter in Horde_Image.
CVE-2008-3330
It was discovered that an attacker could perform a cross-site scripting
attack via the contact name, which allows attackers to inject arbitrary
html code. This requires that the attacker has access to create
contacts.
CVE-2008-5917
It was discovered that the horde XSS filter is prone to a cross-site
scripting attack, which allows attackers to inject arbitrary html code.
This is only exploitable when Internet Explorer is used.
For the oldstable distribution (etch), these problems have been fixed in
version 3.1.3-4etch5.
For the stable distribution (lenny), these problems have been fixed in
version 3.2.2+debian0-2, which was already included in the lenny
release.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 3.2.2+debian0-2.
We recommend ...
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!