Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66148

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)

Resumen: The remote host is missing updates announced in;advisory GLSA 200911-01.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200911-01.

Vulnerability Insight:
Multiple vulnerabilities in the Horde Application Framework can allow for
arbitrary files to be overwritten and cross-site scripting attacks.

Solution:
All Horde users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/horde-3.3.5

All Horde webmail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/horde-webmail-1.2.4

All Horde groupware users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =www-apps/horde-groupware-1.2.4

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3236
Debian Security Information: DSA-1897 (Google Search)
http://www.debian.org/security/2009/dsa-1897
http://marc.info/?l=horde-announce&m=125292088004087&w=2
http://marc.info/?l=horde-announce&m=125294558611682&w=2
http://marc.info/?l=horde-announce&m=125292314007049&w=2
http://marc.info/?l=horde-announce&m=125295852706029&w=2
http://marc.info/?l=horde-announce&m=125291625030436&w=2
http://marc.info/?l=horde-announce&m=125292339907481&w=2
http://www.osvdb.org/58107
http://secunia.com/advisories/36665
http://secunia.com/advisories/36882
XForce ISS Database: horde-application-form-file-overwrite(53202)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53202
Common Vulnerability Exposure (CVE) ID: CVE-2009-3237
http://www.osvdb.org/58108
http://www.osvdb.org/58109
XForce ISS Database: horde-mimeviewer-xss(53200)

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66148
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200911-01.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200911-01. Vulnerability Insight: Multiple vulnerabilities in the Horde Application Framework can allow for arbitrary files to be overwritten and cross-site scripting attacks. Solution: All Horde users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-3.3.5 All Horde webmail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-webmail-1.2.4 All Horde groupware users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-apps/horde-groupware-1.2.4 CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3236 Debian Security Information: DSA-1897 (Google Search) http://www.debian.org/security/2009/dsa-1897 http://marc.info/?l=horde-announce&m=125292088004087&w=2 http://marc.info/?l=horde-announce&m=125294558611682&w=2 http://marc.info/?l=horde-announce&m=125292314007049&w=2 http://marc.info/?l=horde-announce&m=125295852706029&w=2 http://marc.info/?l=horde-announce&m=125291625030436&w=2 http://marc.info/?l=horde-announce&m=125292339907481&w=2 http://www.osvdb.org/58107 http://secunia.com/advisories/36665 http://secunia.com/advisories/36882 XForce ISS Database: horde-application-form-file-overwrite(53202) https://exchange.xforce.ibmcloud.com/vulnerabilities/53202 Common Vulnerability Exposure (CVE) ID: CVE-2009-3237 http://www.osvdb.org/58108 http://www.osvdb.org/58109 XForce ISS Database: horde-mimeviewer-xss(53200)
Copyright	Copyright (C) 2009 E-Soft Inc.