Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200505-01 ] Horde Framework: Multiple XSS vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1471

PostPosted: Sun May 01, 2005 4:25 pm    Post subject: [ GLSA 200505-01 ] Horde Framework: Multiple XSS vulnerabili Reply with quote

Gentoo Linux Security Advisory

Title: Horde Framework: Multiple XSS vulnerabilities (GLSA 200505-01)
Severity: low
Exploitable: remote
Date: May 01, 2005
Bug(s): #90365
ID: 200505-01

Synopsis


Various modules of the Horde Framework are vulnerable to multiple
cross-site scripting (XSS) vulnerabilities.


Background


The Horde Framework is a PHP based framework for building web
applications. It provides many modules including calendar, address
book, CVS viewer and Internet Messaging Program.


Affected Packages

Package: www-apps/horde-vacation
Vulnerable: < 2.2.2
Unaffected: >= 2.2.2
Architectures: All supported architectures

Package: www-apps/horde-turba
Vulnerable: < 1.2.5
Unaffected: >= 1.2.5
Architectures: All supported architectures

Package: www-apps/horde-passwd
Vulnerable: < 2.2.2
Unaffected: >= 2.2.2
Architectures: All supported architectures

Package: www-apps/horde-nag
Vulnerable: < 1.1.3
Unaffected: >= 1.1.3
Architectures: All supported architectures

Package: www-apps/horde-mnemo
Vulnerable: < 1.1.4
Unaffected: >= 1.1.4
Architectures: All supported architectures

Package: www-apps/horde-kronolith
Vulnerable: < 1.1.4
Unaffected: >= 1.1.4
Architectures: All supported architectures

Package: www-apps/horde-imp
Vulnerable: < 3.2.8
Unaffected: >= 3.2.8
Architectures: All supported architectures

Package: www-apps/horde-accounts
Vulnerable: < 2.1.2
Unaffected: >= 2.1.2
Architectures: All supported architectures

Package: www-apps/horde-forwards
Vulnerable: < 2.2.2
Unaffected: >= 2.2.2
Architectures: All supported architectures

Package: www-apps/horde-chora
Vulnerable: < 1.2.3
Unaffected: >= 1.2.3
Architectures: All supported architectures

Package: www-apps/horde
Vulnerable: < 2.2.8
Unaffected: >= 2.2.8
Architectures: All supported architectures


Description


Cross-site scripting vulnerabilities have been discovered in
various modules of the Horde Framework.


Impact


These vulnerabilities could be exploited by an attacker to execute
arbitrary HTML and script code in context of the victim's browser.


Workaround


There is no known workaround at this time.


Resolution


All Horde users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.8"

All Horde Vacation users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-vacation-2.2.2"

All Horde Turba users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-turba-1.2.5"

All Horde Passwd users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-passwd-2.2.2"

All Horde Nag users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-nag-1.1.3"

All Horde Mnemo users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-1.1.4"

All Horde Kronolith users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-1.1.4"

All Horde IMP users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-imp-3.2.8"

All Horde Accounts users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-accounts-2.1.2"

All Horde Forwards users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-forwards-2.2.2"

All Horde Chora users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/horde-chora-1.2.3"


References

Horde Announcement


Last edited by GLSA on Wed Jun 15, 2011 4:19 am; edited 3 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum