
Vulnerabilities in the php-horde-horde software package

  • OS details: FED
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2016-3d1183830b
2016-02-20 20:26:17.668458
——————————————————————————–

Name : php-horde-horde
Product : Fedora 22
Version : 5.2.9
Release : 1.fc22
URL : http://www.horde.org/apps/horde
Summary : Horde Application Framework
Description :
The Horde Application Framework is a flexible, modular, general-purpose web
application framework written in PHP. It provides an extensive array of
components that are targeted at the common problems and tasks involved in
developing modern web applications. It is the basis for a large number of
production-level web applications, notably the Horde Groupware suites. For
more information on Horde or the Horde Groupware suites, visit
http://www.horde.org.

——————————————————————————–
Update Information:

**horde 5.2.9**

* [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by few applications (Bug #14213).
* [jan] Add more detailed user DN settings to Kolab group configuration (Request #11737).
* [jan] Fix returning to last page after problem reporting from AJAX pages (Bug #12112).
* [jan] Fix custom database configuration for groups (Bug #11664).
* [jan] Use access rules compatible with both Apache 2.2 and 2.4.
* [mjr] Fix reporting results for non-select queries in administrative sql shell (Bug #14216).
——————————————————————————–
References:

[ 1 ] Bug #1304397 – CVE-2016-2228 php-horde: reflected cross-site scripting
https://bugzilla.redhat.com/show_bug.cgi?id=1304397
[ 2 ] Bug #1305597 – CVE-2015-8807 php-horde-Horde: Cross-site scripting in _renderVarInput_number
https://bugzilla.redhat.com/show_bug.cgi?id=1305597
——————————————————————————–

This update can be installed with the "yum" update program. Use
su -c 'yum update php-horde-horde' at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2016-5d0e7f15ef
2016-02-21 16:23:38.009831
——————————————————————————–

Name : php-horde-horde
Product : Fedora 23
Version : 5.2.9
Release : 1.fc23
URL : http://www.horde.org/apps/horde
Summary : Horde Application Framework
Description :
The Horde Application Framework is a flexible, modular, general-purpose web
application framework written in PHP. It provides an extensive array of
components that are targeted at the common problems and tasks involved in
developing modern web applications. It is the basis for a large number of
production-level web applications, notably the Horde Groupware suites. For
more information on Horde or the Horde Groupware suites, visit
http://www.horde.org.

——————————————————————————–
Update Information:

**horde 5.2.9**

* [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by few applications (Bug #14213).
* [jan] Add more detailed user DN settings to Kolab group configuration (Request #11737).
* [jan] Fix returning to last page after problem reporting from AJAX pages (Bug #12112).
* [jan] Fix custom database configuration for groups (Bug #11664).
* [jan] Use access rules compatible with both Apache 2.2 and 2.4.
* [mjr] Fix reporting results for non-select queries in administrative sql shell (Bug #14216).
——————————————————————————–
References:

[ 1 ] Bug #1305597 – CVE-2015-8807 php-horde-Horde: Cross-site scripting in _renderVarInput_number
https://bugzilla.redhat.com/show_bug.cgi?id=1305597
[ 2 ] Bug #1304397 – CVE-2016-2228 php-horde: reflected cross-site scripting
https://bugzilla.redhat.com/show_bug.cgi?id=1304397
——————————————————————————–

This update can be installed with the "yum" update program. Use
su -c 'yum update php-horde-horde' at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Author: Tomislav Protega
CERT ID: NCERT-REF-2016-02-0008-ADV
CVE: CVE-2016-2228 CVE-2015-8807
Source ID: FEDORA-2016
Product: php-horde-horde
Source: http://www.redhat.com