Fix your horde again!

#-----Original Message-----
#From: Moritz Muehlenhoff [mailto:[EMAIL PROTECTED]
#Sent: Wednesday, 12 April 2006 21:04
#To: debian-security-announce@lists.debian.org
#Subject: [SECURITY] [DSA 1033-1] New horde3 packages fix several vulnerabilities
#
#-----BEGIN PGP SIGNED MESSAGE-----
#Hash: SHA1
#
#- --------------------------------------------------------------------------
#Debian Security Advisory DSA 1033-1                    [EMAIL PROTECTED]
#http://www.debian.org/security/                         Moritz Muehlenhoff
#April 12th, 2006                        http://www.debian.org/security/faq
#- --------------------------------------------------------------------------
#
#Package        : horde3
#Vulnerability  : several
#Problem-Type   : remote
#Debian-specific: no
#CVE ID         : CVE-2005-4190 CVE-2006-1260 CVE-2006-1491
#Debian Bug     : 361967
#
#Several remote vulnerabilities have been discovered in the Horde web
#application framework, which may lead to the execution of arbitrary
#web script code. The Common Vulnerabilities and Exposures project
#identifies the following problems:
#
#CVE-2005-4190
#
#    Several Cross-Site-Scripting vulnerabilities have been discovered in
#    the "share edit window".
#
#CVE-2006-1260
#
#    Null characters in the URL parameter bypass a sanity check, which
#    allowed remote attackers to read arbitrary files, which allowed
#    information disclosure.
#
#CVE-2006-1491
#
#    User input in the help viewer was passed unsanitised to the eval()
#    function, which allowed injection of arbitrary web code.
#
#
#The old stable distribution (woody) doesn't contain horde3 packages.
#
#For the stable distribution (sarge) these problems have been fixed in
#version 3.0.4-4sarge3.
#
#For the unstable distribution (sid) these problems have been fixed in
#version 3.1.1-1.
#
#We recommend that you upgrade your horde3 package.
#
#
#Upgrade Instructions
#- --------------------
#
#wget url
#        will fetch the file for you
#dpkg -i file.deb
#        will install the referenced file.
#
#If you are using the apt-get package manager, use the line for
#sources.list as given below:
#
#apt-get update
#        will update the internal database
#apt-get upgrade
#        will install corrected packages
#
#You may use an automated update by adding the resources from the
#footer to the proper configuration.
#
#
#Debian GNU/Linux 3.1 alias sarge
#- --------------------------------
#
#  Source archives:
#
#    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge3.dsc
#      Size/MD5 checksum:      628 7b66ee691ce42e8a50a072f82667be0b
#    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge3.diff.gz
#      Size/MD5 checksum:    11630 20195835db40066033ddb80df5658740
#    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
#      Size/MD5 checksum:  3378143 e2221d409ba1c8841ce4ecee981d7b61
#
#  Architecture independent components:
#
#    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge3_all.deb
#      Size/MD5 checksum:  3436640 eadf553e1f8d9117155dbb09fe1dec34
#
#
#  These files will probably be moved into the stable distribution on
#  its next update.
#
#- ---------------------------------------------------------------------------------
#For apt-get: deb http://security.debian.org/ stable/updates main
#For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
#Mailing list: [EMAIL PROTECTED]
#Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
#
#-----BEGIN PGP SIGNATURE-----
#Version: GnuPG v1.4.3 (GNU/Linux)
#
#iD8DBQFEPU6ZXm3vHE4uyloRAtD0AJ0QNX1N8OMH/VeM89Fbctcrg2JPJwCbB2NQ
#xNDhfF7lAgT1QSkbI5xi8U4=
#=Jvsc
#-----END PGP SIGNATURE-----
#
#
#--
#To UNSUBSCRIBE, email to [EMAIL PROTECTED]
#with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
#