Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 486
Alerts This Week
Warning Icon 1 486

Fedora 22 Security Advisory: php-horde-imp CSRF Threat Mitigation

fedora
Calendar Grey November 4, 2015
Dist Fedora Esm H88
The latest update of Fedora's php-horde-imp strengthens defenses against CSRF vulnerabilities and refines several existing features.
**horde 5.2.8** * [mjr] SECURITY: Protect against CSRF attacks on various admin pages

Summary

IMP, the Internet Mail Program, is one of the most popular and widely

deployed open source webmail applications in the world. It allows

universal, web-based access to IMAP and POP3 mail servers and provides

Ajax, mobile and traditional interfaces with a rich range of features

normally found only in desktop email clients.

Update Information:

**horde 5.2.8** * [mjr] SECURITY: Protect against CSRF attacks on various admin pages. * [jan] Don't apply access keys to checkbox and radiobox rows in the sidebar (Bug #14103). * [jan] Send correct MIME type for non-statically cached javascript files. * [mjr] Added configuration support for version 2 of WorldWeatherOnline's API. **ingo 3.2.7** * [jan] Update Italian translation. * [mjr] Add database migration for fixing corrupt rule ordering. * [mjr] Fix corruption of rule order when reordering rules in certain cases. **imp 6.2.11** * [mjr] Request that the contacts API only consider email fields when detecting duplicates during automatic saving of attendees to the address book (Bug #14119). * [jan] Don't show 'Create Keys' button if creating PGP keys is disabled (steffen.hau@rz.uni-mannheim.de, Request #14096). * [mjr] Fix displaying iTips with certain locale/date_format preference combinations (Bug #14076). **passwd 5.0.4** * [mjr] Fix changing password using Kolab driver (...

Change Log

References


[ 1 ] Bug #1277410 - php-horde-horde: Multiple CSRF vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1277410

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-horde-imp' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-horde-imp
Product: Fedora 22
Version: 6.2.11
Release: 1.fc22
Summary: A web based webmail system

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.