[SECURITY] Fedora 12 Update: horde-3.3.6-1.fc12

updates at fedoraproject.org updates at fedoraproject.org
Thu Apr 1 01:51:02 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-5520
2010-04-01 00:18:58
--------------------------------------------------------------------------------

Name        : horde
Product     : Fedora 12
Version     : 3.3.6
Release     : 1.fc12
URL         : http://www.horde.org/
Summary     : The common framework for all Horde applications
Description :
The Horde Framework provides a common structure and interface for Horde
applications (such as IMP, a web-based mail program). This RPM is
required for all other Horde module RPMs.

The Horde Project writes web applications in PHP and releases them under
Open Source licenses. For more information (including help with Horde
and its modules) please visit http://www.horde.org/.

READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR
INSTRUCTIONS AND SECURITY!

For additional functionality, also install horde-enhanced

--------------------------------------------------------------------------------
Update Information:

Upgrade to 3.3.6 - Fixes a lot of security bugs
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 29 2010 Nick Bebout <nick at bebout.net - 3.3.6-1
- Upgrade to 3.3.6
* Mon Aug 10 2009 Jason L Tibbitts III <tibbs at math.uh.edu> - 3.3.4-2
- Fix Source0: URL.
* Tue Aug  4 2009 Nick Bebout <nb at fedoraproject.org> - 3.3.4-1
- Upgrade to 3.3.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #523401 - CVE-2009-3236 Horde: Improper validation of image form fields (local files overwrite)
        https://bugzilla.redhat.com/show_bug.cgi?id=523401
  [ 2 ] Bug #523407 - CVE-2009-3237 Horde: XSS in "number" type preferences and in MIME rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=523407
  [ 3 ] Bug #490932 - CVE-2009-0931 CVE-2009-0932 horde: XSS vulnerability and directory traversal vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=490932
  [ 4 ] Bug #461886 - CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461886
  [ 5 ] Bug #461887 - CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=461887
  [ 6 ] Bug #480818 - CVE-2008-5917 horde: IE-specific XSS via image style attribute
        https://bugzilla.redhat.com/show_bug.cgi?id=480818
  [ 7 ] Bug #549506 - CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=549506
  [ 8 ] Bug #549516 - CVE-2009-4363 horde: XSS vulnerability via data: URIs
        https://bugzilla.redhat.com/show_bug.cgi?id=549516
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update horde' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list