Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Fedora 24: php-horde-Horde-Mime-Viewer XSS Risk Security Update

fedora
Calendar Grey September 22, 2016
Dist Fedora Esm H88
A significant patch for Horde Mime Viewer aimed at disabling SVG image processing and mitigating XSS vulnerabilities in Fedora 24.
**Horde_Mime_Viewer 2.2.1** * [jan] SECURITY: Don't render SVG images in the browser to avoid XSS attacks (Reported by Dawid Gounski via Beyond Security's SecuriTeam Secure Disclos...

Summary

Provides rendering drivers for MIME data.

Update Information:

**Horde_Mime_Viewer 2.2.1** * [jan] SECURITY: Don't render SVG images in the browser to avoid XSS attacks (Reported by Dawid Gounski via Beyond Security's SecuriTeam Secure Disclosure program).

Change Log

References


[ 1 ] Bug #1375485 - php-horde: XSS vulnerability via SVG images https://bugzilla.redhat.com/show_bug.cgi?id=1375485

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-horde-Horde-Mime-Viewer' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-horde-Horde-Mime-Viewer
Product: Fedora 24
Version: 2.2.1
Release: 1.fc24
Summary: Horde MIME Viewer Library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.