Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 12 Update: horde-3.3.6-1.fc12
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Thursday 1st April 2010 01:51:02 UTC (over 6 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-5520
2010-04-01 00:18:58
--------------------------------------------------------------------------------

Name        : horde
Product     : Fedora 12
Version     : 3.3.6
Release     : 1.fc12
URL         : http://www.horde.org/
Summary     : The common framework for all Horde applications
Description :
The Horde Framework provides a common structure and interface for Horde
applications (such as IMP, a web-based mail program). This RPM is
required for all other Horde module RPMs.

The Horde Project writes web applications in PHP and releases them under
Open Source licenses. For more information (including help with Horde
and its modules) please visit http://www.horde.org/.

READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR
INSTRUCTIONS AND SECURITY!

For additional functionality, also install horde-enhanced

--------------------------------------------------------------------------------
Update Information:

Upgrade to 3.3.6 - Fixes a lot of security bugs
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 29 2010 Nick Bebout  - 3.3.4-2
- Fix Source0: URL.
* Tue Aug  4 2009 Nick Bebout  - 3.3.4-1
- Upgrade to 3.3.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #523401 - CVE-2009-3236 Horde: Improper validation of image
form fields (local files overwrite)
        https://bugzilla.redhat.com/show_bug.cgi?id=523401
  [ 2 ] Bug #523407 - CVE-2009-3237 Horde: XSS in "number" type preferences
and in MIME rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=523407
  [ 3 ] Bug #490932 - CVE-2009-0931 CVE-2009-0932 horde: XSS vulnerability
and directory traversal vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=490932
  [ 4 ] Bug #461886 - CVE-2008-3823 horde: XSS via filename of MIME
attachments (oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461886
  [ 5 ] Bug #461887 - CVE-2008-3824 horde: XSS via unescaped '/' characters
(oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461887
  [ 6 ] Bug #480818 - CVE-2008-5917 horde: IE-specific XSS via image style
attribute
        https://bugzilla.redhat.com/show_bug.cgi?id=480818
  [ 7 ] Bug #549506 - CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=549506
  [ 8 ] Bug #549516 - CVE-2009-4363 horde: XSS vulnerability via data: URIs
        https://bugzilla.redhat.com/show_bug.cgi?id=549516
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update horde' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
 
CD: 2ms