Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-5520
2010-04-01 00:18:58
--------------------------------------------------------------------------------

Name        : horde
Product     : Fedora 12
Version     : 3.3.6
Release     : 1.fc12
URL         : http://www.horde.org/
Summary     : The common framework for all Horde applications
Description :
The Horde Framework provides a common structure and interface for Horde
applications (such as IMP, a web-based mail program). This RPM is
required for all other Horde module RPMs.

The Horde Project writes web applications in PHP and releases them under
Open Source licenses. For more information (including help with Horde
and its modules) please visit http://www.horde.org/.

READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR
INSTRUCTIONS AND SECURITY!

For additional functionality, also install horde-enhanced

--------------------------------------------------------------------------------
Update Information:

Upgrade to 3.3.6 - Fixes a lot of security bugs
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 29 2010 Nick Bebout <nick@bebout.net - 3.3.6-1
- Upgrade to 3.3.6
* Mon Aug 10 2009 Jason L Tibbitts III <tibbs@math.uh.edu> - 3.3.4-2
- Fix Source0: URL.
* Tue Aug  4 2009 Nick Bebout <nb@fedoraproject.org> - 3.3.4-1
- Upgrade to 3.3.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #523401 - CVE-2009-3236 Horde: Improper validation of image form fields (local files overwrite)
        https://bugzilla.redhat.com/show_bug.cgi?id=523401
  [ 2 ] Bug #523407 - CVE-2009-3237 Horde: XSS in "number" type preferences and in MIME rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=523407
  [ 3 ] Bug #490932 - CVE-2009-0931 CVE-2009-0932 horde: XSS vulnerability and directory traversal vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=490932
  [ 4 ] Bug #461886 - CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461886
  [ 5 ] Bug #461887 - CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461887
  [ 6 ] Bug #480818 - CVE-2008-5917 horde: IE-specific XSS via image style attribute
        https://bugzilla.redhat.com/show_bug.cgi?id=480818
  [ 7 ] Bug #549506 - CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=549506
  [ 8 ] Bug #549516 - CVE-2009-4363 horde: XSS vulnerability via data: URIs
        https://bugzilla.redhat.com/show_bug.cgi?id=549516
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update horde' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce