Red Hat Bugzilla – Bug 436628
CVE-2008-1284 horde: arbitrary file inclusion through abuse of the theme preference
Last modified: 2008-03-13 03:42:13 EDT
Packages are building in koji.
horde-3.1.7-1.fc8 has been submitted as an update for Fedora 8
horde-3.1.7-1.fc7 has been submitted as an update for Fedora 7
Reference: BUGTRAQ:20080307 Horde Webmail file inclusion proof of concept & patch.
Reference: BUGTRAQ:20080308 Re: Horde Webmail file inclusion proof of concept &
Reference: MLIST:[announce] 20080307 Horde Groupware 1.0.5 (final)
Reference: MLIST:[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)
Reference: MLIST:[announce] 20080307 Horde 3.1.7 (final)
Directory traversal vulnerability in Horde 3.1.6, Groupware before
1.0.5, and Groupware Webmail Edition before 1.0.6, when running with
certain configurations, allows remote authenticated users to read and
execute arbitrary files via ".." sequences and a null byte in the
There is still an old summary in the waiting update. Is it a problem?
horde-3.1.7-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
horde-3.1.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.