The previous update introduced a regression in main.php, causing the
module to fail. This update corrects the flaw. For reference, the
original advisory text is below.
It was discovered that sork-passwd-h3, a Horde3 module for users to
change their password, is prone to a cross-site scripting attack via the
backend parameter.
For the oldstable distribution (etch), this problem has been fixed in
version 3.0-2+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 3.0-2+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 3.1-1.2.
We recommend that you upgrade your sork-passwd-h3 packages.
Upgrade instructions
--------------------
wget url
will fetch the file for you
...