| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Sep 2003 16:28:27 +0200 (CEST) From: aliz@...too.org (Daniel Ahlberg) To: gentoo-announce@...too.org, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: GLSA: horde (200309-02) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200309-02 - - - --------------------------------------------------------------------- PACKAGE : horde SUMMARY : session hijacking DATE : 2003-09-01 14:28 UTC EXPLOIT : remote VERSIONS AFFECTED : <vmware-workstation-4.0.2.5592 FIXED VERSION : >=vmware-workstation-4.0.2.5592 CVE : - - - --------------------------------------------------------------------- quote from advisory: "An attacker could send an email to the victim who ago use of HORDE MTA in order to push it to visit a website. The website in issue log all the accesses and describe in the particular the origin of every victim." Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=106081310531567&w=2 SOLUTION It is recommended that all Gentoo Linux users who are running net-www/horde upgrade to horde-2.2.4_rc2 as follows: emerge sync emerge horde emerge clean - - - --------------------------------------------------------------------- aliz@...too.org - GnuPG key is available at http://dev.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/U1eLfT7nyhUpoZMRAvNIAJ9Ff+t+uJUvFK4pqP90o0WB+4rGZACeOpF7 XE4AIoGECKrbQd+oFcZrYpQ= =wWs6 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists