Gentoo Security Advisory GLSA 200909-14 (horde Horde-imp Horde-passwd) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200909-14.

Solution

All Horde users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-3.3.4 All Horde IMP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-imp-4.3.4 All Horde Passwd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-passwd-3.1.1 http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200909-14 http://bugs.gentoo.org/show_bug.cgi?id=256125 http://bugs.gentoo.org/show_bug.cgi?id=262976 http://bugs.gentoo.org/show_bug.cgi?id=262978 http://bugs.gentoo.org/show_bug.cgi?id=277294

Insight

Multiple vulnerabilities have been discovered in Horde and two modules, allowing for the execution of arbitrary code, information disclosure, or Cross-Site Scripting.

Severity

Classification

CVE CVE-2008-5917, CVE-2009-0930, CVE-2009-0931, CVE-2009-0932, CVE-2009-2360

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200909-14 (horde horde-imp horde-passwd)

Take action and discover your vulnerabilities