Alerts This Week
Warning Icon 1 562
Alerts This Week
Warning Icon 1 562

Stay Secure with the Latest Linux Advisories

Ubuntu Large Esm H800
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H800
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 5 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoracritical

Fedora 28: 2019-944ff52ce6 Critical Vulnerability in Horde Image

**Horde_Image 2.5.4** * [mjr] SECURITY: Fix potential RCE in the text method when using the Imagemagick backend. * [mjr] SECURITY: Sanitize image type parameter (PR: 2, Fariskhi Vidyan). * [mjr] Fix issues with escaping single and double quote characters in the text method when using the Imagemagick backend.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-944ff52ce6 2019-01-11 02:58:39.927899 --------------------------------------------------------------------------------Name : php-horde-Horde-Image Product : Fedora 28 Version : 2.5.4 Release : 1.fc28 URL : http://pear.horde.org Summary : Horde Image API Description : An Image utility API, with backends for: * GD * GIF * PNG * SVG * SWF * ImageMagick convert command line tool * Imagick Extension Optional dependency: php-pecl-imagick --------------------------------------------------------------------------------Update Information: **Horde_Image 2.5.4** * [mjr] SECURITY: Fix potential RCE in the text method when using the Imagemagick backend. * [mjr] SECURITY: Sanitize image type parameter (PR: 2, Fariskhi Vidyan). * [mjr] Fix issues with escaping single and double quote characters in the text method when using the Imagemagick backend. --------------------------------------------------------------------------------ChangeLog: * Wed Jan 2 2019 Remi Collet - 2.5.4-1 - update to 2.5.4 - use range dependencies * Mon Jun 25 2018 Remi Collet - 2.5.3-1 - update to 2.5.3 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-944ff52ce6' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project canbe found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Important update for PHP Horde addresses remote code execution vulnerabilities and enhances input sanitization with ImageMagick backend for Fedora 28 users. PHP Horde Image, Fedora Security, ImageMagick Update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 11, 2019 Critical Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedorasoftware update

Fedora 25: 2017-17f457262c Critical XSS Fix for Horde URL

**Horde_Url 2.2.6** * [jan] SECURITY: Fix XSS vulnerability with pathinfo component in toString().. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-17f457262c 2017-08-10 15:18:03.832346 --------------------------------------------------------------------------------Name : php-horde-Horde-Url Product : Fedora 25 Version : 2.2.6 Release : 1.fc25 URL : http://pear.horde.org Summary : Horde Url class Description : This class represents a single URL and provides methods for manipulating URLs. --------------------------------------------------------------------------------Update Information: **Horde_Url 2.2.6** * [jan] SECURITY: Fix XSS vulnerability with pathinfo component in toString(). --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-horde-Horde-Url' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Address XSS flaw in Horde_Url 2.2.6 for Fedora 25. Use dnf to upgrade for improved security following the guidance from this advisory.. Horde Url Security Update,Fedora PHP Security,Software Update Notification,Pathinfo Component Security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 10, 2017 Critical Fedora
Banner 4 1028x280 1708121825 1771600306
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorysecurity issueFedora

Fedora 26: 2017-1081235137 Critical: Horde 5.2.16 Open Redirect

**horde 5.2.16** * [jan] SECURITY: Fix open redirects.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-1081235137 2017-08-10 15:18:13.065715 --------------------------------------------------------------------------------Name : php-horde-horde Product : Fedora 26 Version : 5.2.16 Release : 1.fc26 URL : https://www.horde.org/apps/horde Summary : Horde Application Framework Description : The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of production-level web applications, notably the Horde Groupware suites. For more information on Horde or the Horde Groupware suites, visit https://www.horde.org/. --------------------------------------------------------------------------------Update Information: **horde 5.2.16** * [jan] SECURITY: Fix open redirects. --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-horde-horde' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Horde 5.2.16 security patch addresses open redirect issues on Fedora systems. Upgrade today for improved protection!.php-horde-horde,horde framework,open redirect. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 10, 2017 Critical Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoraremote code execution

Fedora 24: php-horde-Horde-Image Security Update for Command Injection

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-299525e757 2017-07-11 18:56:33.191186 --------------------------------------------------------------------------------Name : php-horde-Horde-Image Product : Fedora 24 Version : 2.5.1 Release : 1.fc24 URL : http://pear.horde.org Summary : Horde Image API Description : An Image utility API, with backends for: * GD * GIF * PNG * SVG * SWF * ImageMagick convert command line tool * Imagick Extension Optional dependency: php-pecl-imagick --------------------------------------------------------------------------------Update Information: **Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi Vidyan). * [jan] Add blur effect. --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-horde-Horde-Image' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . The recent update of Horde_Image 2.5.1 in Fedora bolsters defenses against command injection vulnerabilities and Denial of Service threats in image handling.. Horde_Image Update, Fedora Security Advisory, Command Injection Fix, Remote Code Execution Prevention. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 12, 2017 Important Fedora
Banner 4 1028x280 1708121825 1771600306
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycritical issueremote code execution

Debian DSA-1897-1 Critical: Horde3 Remote Code Execution Fix

Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1897-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Nico Golde September 28th, 2009 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : horde3 Vulnerability : insufficient input sanitization Problem type : remote Debian-specific: no Debian bug : #547318 CVE ID : CVE-2009-3236 Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver. For the oldstable distribution (etch), this problem has been fixed in version 3.1.3-4etch6. For the stable distribution (lenny), this problem has been fixed in version 3.2.2+debian0-2+lenny1. For the testing distribution (squeeze), this problem has been fixed in version 3.3.5+debian0-1. For the unstable distribution (sid), this problem has been fixed in version 3.3.5+debian0-1. We recommend that you upgrade your horde3 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referencedfile. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 15869 3a74c50d35cf7f252cceec008e133299 Size/MD5 checksum: 1076 d4205b4f956ee00aa545f988f5d0206f Size/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7 Architecture independent packages: Size/MD5 checksum: 5278984 55bb80d663cad92d40ffcd15946379cf Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 1388 e9bee230ea249ac6c8cd69bf4ad7c360 Size/MD5 checksum: 7180761 fb22a594bbdad07a0fbeef035a6d2f39 Size/MD5 checksum: 27183 2a72cd6eb73cd03aea3bf296dd17cbb5 Architecture independent packages: Size/MD5 checksum: 7232466 12e1b9fd01f35600f7fb3852025c8610 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Uncover the DSA-1897-1 notice pertaining to the vulnerability in Horde that allows unauthorized code execution stemming from inadequate input validation in Debian.. Horde Packages, Debian Advisory, Input HandlingIssue. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 28, 2009 Critical Debian
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoocode execution

Gentoo: GLSA-200909-14 Normal: Horde Code Execution and XSS Risks

Multiple vulnerabilities have been discovered in Horde and two modules, allowing for the execution of arbitrary code, information disclosure, or Cross-Site Scripting. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200909-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Horde: Multiple vulnerabilities Date: September 12, 2009 Bugs: #256125, #262976, #262978, #277294 ID: 200909-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Horde and two modules, allowing for the execution of arbitrary code, information disclosure, or Cross-Site Scripting. Background ========= Horde is a web application framework written in PHP. Horde IMP, the "Internet Messaging Program", is a Webmail module and Horde Passwd is a password changing module for Horde. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/horde < 3.3.4 > = 3.3.4 2 www-apps/horde-imp < 4.3.4 > = 4.3.4 3 www-apps/horde-passwd < 3.1.1 > = 3.1.1 ------------------------------------------------------------------- 3 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== Multiple vulnerabilities have been discovered in Horde: * Gunnar Wrobel reported an input sanitation and directory traversal flaw in framework/Image/Image.php, related to the"Horde_Image driver name" (CVE-2009-0932). * Gunnar Wrobel reported that data sent to horde/services/portal/cloud_search.php is not properly sanitized before used in the output (CVE-2009-0931). * It was reported that data sent to framework/Text_Filter/Filter/xss.php is not properly sanitized before used in the output (CVE-2008-5917). Horde Passwd: David Wharton reported that data sent via the "backend" parameter to passwd/main.php is not properly sanitized before used in the output (CVE-2009-2360). Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, and message.php is not properly sanitized before used in the output (CVE-2009-0930). Impact ===== A remote authenticated attacker could exploit these vulnerabilities to execute arbitrary PHP files on the server, or disclose the content of arbitrary files, both only if the file is readable to the web server. A remote authenticated attacker could conduct Cross-Site Scripting attacks. NOTE: Some Cross-Site Scripting vectors are limited to the usage of Microsoft Internet Explorer. Workaround ========= There is no known workaround at this time. Resolution ========= All Horde users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-3.3.4 All Horde IMP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-imp-4.3.4 All Horde Passwd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-passwd-3.1.1 References ========= [ 1 ] CVE-2008-5917 https://www.cve.org/CVERecord?id=CVE-2008-5917 [ 2 ] CVE-2009-0930 https://www.cve.org/CVERecord?id=CVE-2009-0930 [ 3 ] CVE-2009-0931 https://www.cve.org/CVERecord?id=CVE-2009-0931 [ 4 ] CVE-2009-0932 https://www.cve.org/CVERecord?id=CVE-2009-0932 [ 5 ] CVE-2009-2360 https://www.cve.org/CVERecord?id=CVE-2009-2360 Availability =========== This GLSA and anyupdates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200909-14 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo exposes Horde flaws: Advisory highlights risks of Cross-Site Scripting and arbitrary code execution.. Horde Security Risks, Gentoo Code Execution, XSS Exploits. . LinuxSecurity.com Team

Calendar 2 Sep 12, 2009 Gentoo
Banner 4 1028x280 1708121825 1771600306
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycritical issuedebian

Debian 4.0: DSA-1519-1 Critical: Horde3 Remote File Access Risk

It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter.. - ------------------------------------------------------------------------Debian Security Advisory DSA-1519-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Thijs Kinkhorst March 15, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : horde3 Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-1284 Debian Bug : 470640 It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. The old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge7. For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch3. For the unstable distribution (sid) this problem has been fixed in version 3.1.7-1. We recommend that you upgrade your horde3 package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - --------------------------------Source archives: Size/MD5 checksum: 920 b3374347290398c40e95d94ca72f089c Size/MD5 checksum: 3378143 e2221d409ba1c8841ce4ecee981d7b61 Size/MD5 checksum: 14280 01c1df81c247bf310367f50859ebb2ff Architecture independent packages: Size/MD5 checksum: 34379564c4fa0aa9f5347785ca74f414165f934 Debian GNU/Linux 4.0 alias etch - -------------------------------Source archives: Size/MD5 checksum: 13100 d79fbe74794a4f6c70f208ba3a55bebc Size/MD5 checksum: 974 f8929682acb675550e4235c62a99cbe6 Size/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7 Architecture independent packages: Size/MD5 checksum: 5270328 d4a9a4db3744a2cd496ed499c39ec6b3 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Urgent security alert for Horde3 users on Debian: vulnerabilities expose sensitive data. Upgrade now, review settings, and monitor logs to ensure safety. Horde3, Debian Security, File Inclusion Risks. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 15, 2008 Critical Debian
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycriticaldebian

Debian: DSA-1470-1 Critical: Horde Email Deletion DoS Advisory

Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client.. - ------------------------------------------------------------------------Debian Security Advisory DSA-1470-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : horde3 Vulnerability : missing input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-6018 Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client. This update also provides backported bugfixes to the cross-site scripting filter and the user management API from the latest Horde release 3.1.6. For the stable distribution (etch), this problem has been fixed in version 3.1.3-4etch2. The old stable distribution (sarge) is not affected. An update to Etch is recommended, though. We recommend that you upgrade your horde3 package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - -------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 andsparc. Source archives: Size/MD5 checksum: 682 65c2b4458281e2e4c844b7bd4af52ba3 Size/MD5 checksum: 12893 db60e2c62f488824247429c35ace45fd Size/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7 Architecture independent packages: Size/MD5 checksum: 5261396 e1cff2548fbd2f1984e2cf956ecd43f8 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian's security team warns of a Horde 3 vulnerability affecting email deletion, risking denial of service attacks. Administrators should review and update systems.. Horde Framework, Email Deletion, Input Sanitisation, Debian Security, Denial of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 20, 2008 Critical Debian
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here