Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 28: 2018-520062dcb8 Critical Update for Horde XSS Vulnerability

**Horde 5.2.20** * [mjr] SECURITY: Fix XSS vulnerability when rendering custom background colors in a sidebar row (Bug #14857).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-520062dcb8 2018-10-07 22:15:04.448690 --------------------------------------------------------------------------------Name : php-horde-horde Product : Fedora 28 Version : 5.2.20 Release : 1.fc28 URL : https://www.horde.org/apps/horde Summary : Horde Application Framework Description : The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of production-level web applications, notably the Horde Groupware suites. For more information on Horde or the Horde Groupware suites, visit https://www.horde.org/. --------------------------------------------------------------------------------Update Information: **Horde 5.2.20** * [mjr] SECURITY: Fix XSS vulnerability when rendering custom background colors in a sidebar row (Bug #14857). --------------------------------------------------------------------------------ChangeLog: * Thu Sep 27 2018 Remi Collet - 5.2.20-1 - update to 5.2.20 * Mon Aug 20 2018 Remi Collet - 5.2.19-1 - update to 5.2.19 * Thu Jul 5 2018 Remi Collet - 5.2.18-1 - update to 5.2.18 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-520062dcb8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Horde 5.2.20 security patch for Fedora resolves CSRF vulnerability in header styling. Key update information provided.. Horde Application Security,Fedora Update,XSS Fix,PHP Framework Update. . Severity: Critical. LinuxSecurity.com Team

Oct 07, 2018 •Critical Fedora