Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 486
Alerts This Week
Warning Icon 1 486

Fedora: php-horde-horde Security Advisory for CSRF Issues

fedora
Calendar Grey November 4, 2015
Dist Fedora Esm H88
The latest release of php-horde-horde enhances security measures against CSRF vulnerabilities while also optimizing performance in the Fedora 21 ecosystem.
**horde 5.2.8** * [mjr] SECURITY: Protect against CSRF attacks on various admin pages

Summary

The Horde Application Framework is a flexible, modular, general-purpose web

application framework written in PHP. It provides an extensive array of

components that are targeted at the common problems and tasks involved in

developing modern web applications. It is the basis for a large number of

production-level web applications, notably the Horde Groupware suites. For

more information on Horde or the Horde Groupware suites, visit

https://www.horde.org/

Update Information:

**horde 5.2.8** * [mjr] SECURITY: Protect against CSRF attacks on various admin pages. * [jan] Don't apply access keys to checkbox and radiobox rows in the sidebar (Bug #14103). * [jan] Send correct MIME type for non-statically cached javascript files. * [mjr] Added configuration support for version 2 of WorldWeatherOnline's API. **ingo 3.2.7** * [jan] Update Italian translation. * [mjr] Add database migration for fixing corrupt rule ordering. * [mjr] Fix corruption of rule order when reordering rules in certain cases. **imp 6.2.11** * [mjr] Request that the contacts API only consider email fields when detecting duplicates during automatic saving of attendees to the address book (Bug #14119). * [jan] Don't show 'Create Keys' button if creating PGP keys is disabled (steffen.hau@rz.uni-mannheim.de, Request #14096). * [mjr] Fix displaying iTips with certain locale/date_format preference combinations (Bug #14076). **passwd 5.0.4** * [mjr] Fix changing password using Kolab driver (...

Change Log

References


[ 1 ] Bug #1277410 - php-horde-horde: Multiple CSRF vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1277410

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-horde-horde' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: php-horde-horde
Product: Fedora 21
Version: 5.2.8
Release: 1.fc21
Summary: Horde Application Framework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.