Bug 461886 (CVE-2008-3823)
Summary: | CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | chris, dev, j |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2010-04-02 10:37:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |

Description
Tomas Hoger
2008-09-11 07:40:23 UTC
Advisory from the reporter:
http://marc.info/?l=full-disclosure&m=122113948918864&w=4

Horde Application Framework version 3.2.2 announced on September 10th 2008 fixed this:

The Horde Team is pleased to announce the final release of the Horde Application Framework version 3.2.2.

This is a security release that fixes unescaped output in the MIME library (CVE-2008-3823), and further improves the XSS filter for HTML messages (CVE-2008-3824). The unescaped output vulnerability can be triggered by sending specially crafted e-mail messages to Horde users, if they use a Horde mail client. All users are encouraged to upgrade to this version.

The major changes compared to the Horde version H3 (3.2.1) are:
* Fixed unescaped output in the MIME library.
* Further improved the XSS filter for HTML.

http://lists.horde.org/archives/announce/2008/000429.html

In addition on December 10th 2008 version 3.2.3 was released:

This is a minor security release that adds another check to the XSS filter for an Internet Explorer exploit. All users are encouraged to upgrade to this version.

The major changes compared to the Horde version H3 (3.2.2) are:
* Added another check to the XSS filter (only IE is vulnerable).

http://lists.horde.org/archives/announce/2008/000462.html

There is also a 3.3.2 version but I guess that this would be a more complicated upgrade.

I haven't tested for this XSS exploit -- my interest in a 3.2.2 version of Horde is so that I can install Ansel:

Ansel 1.0 requires version 3.2.2 or greater of the Horde Framework - earlier versions of Horde will not work.
http://www.horde.org/ansel/docs/?f=INSTALL.html#prerequisites

I'm using the epel-5 package.

horde-3.3.6-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc11

horde-3.3.6-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc12

horde-3.3.6-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc13

horde-3.3.6-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.el5

horde-3.3.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

horde-3.3.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

horde-3.3.6-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

horde-3.3.6-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.