Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

Fedora: 2015:37090f89d8 Critical: php-horde-passwd CSRF Protection Update

fedora
Calendar Grey November 4, 2015
Dist Fedora Esm H88
Critical patch released for php-horde-passwd on Fedora aimed at mitigating CSRF vulnerabilities and strengthening the protection of administrative interfaces.
**horde 5.2.8** * [mjr] SECURITY: Protect against CSRF attacks on various admin pages

Summary

An application to change any user passwords stored in various backends like

SQL, LDAP, Kolab, passwd files etc.

Update Information:

**horde 5.2.8** * [mjr] SECURITY: Protect against CSRF attacks on various admin pages. * [jan] Don't apply access keys to checkbox and radiobox rows in the sidebar (Bug #14103). * [jan] Send correct MIME type for non-statically cached javascript files. * [mjr] Added configuration support for version 2 of WorldWeatherOnline's API. **ingo 3.2.7** * [jan] Update Italian translation. * [mjr] Add database migration for fixing corrupt rule ordering. * [mjr] Fix corruption of rule order when reordering rules in certain cases. **imp 6.2.11** * [mjr] Request that the contacts API only consider email fields when detecting duplicates during automatic saving of attendees to the address book (Bug #14119). * [jan] Don't show 'Create Keys' button if creating PGP keys is disabled (steffen.hau@rz.uni-mannheim.de, Request #14096). * [mjr] Fix displaying iTips with certain locale/date_format preference combinations (Bug #14076). **passwd 5.0.4** * [mjr] Fix changing password using Kolab driver (...

Change Log

References


[ 1 ] Bug #1277410 - php-horde-horde: Multiple CSRF vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1277410

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-horde-passwd' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-horde-passwd
Product: Fedora 22
Version: 5.0.4
Release: 1.fc22
Summary: Horde password changing application

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.