|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200505-01] Horde Framework: Multiple XSS vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Horde Framework: Multiple XSS vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200505-01
(Horde Framework: Multiple XSS vulnerabilities)
Cross-site scripting vulnerabilities have been discovered in
various modules of the Horde Framework.
Impact
These vulnerabilities could be exploited by a possible hacker to execute
arbitrary HTML and script code in context of the victim's browser.
Workaround
There is no known workaround at this time.
References:
http://marc.theaimsgroup.com/?l=horde-announce&r=1&b=200504&w=2
Solution:
All Horde users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-2.2.8"
All Horde Vacation users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-vacation-2.2.2"
All Horde Turba users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-turba-1.2.5"
All Horde Passwd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-passwd-2.2.2"
All Horde Nag users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-nag-1.1.3"
All Horde Mnemo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-1.1.4"
All Horde Kronolith users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-1.1.4"
All Horde IMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-imp-3.2.8"
All Horde Accounts users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-accounts-2.1.2"
All Horde Forwards users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-forwards-2.2.2"
All Horde Chora users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-chora-1.2.3"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|