TUCoPS :: Linux :: Discontinued :: cs2016-0.txt

horde/imp cross scripting vulnerabilities - Caldera Advisory CSSA-2002-016.0

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com


		Caldera International, Inc.  Security Advisory

Subject:		Linux: horde/imp cross scripting vulnerabilities
Advisory number: 	CSSA-2002-016.0
Issue date: 		2002 April 16
Cross reference:

1. Problem Description

	There are some potential cross-site scripting (CSS) attacks in
	the imp and horde programs.

2. Vulnerable Supported Versions

	System				Package

	OpenLinux 3.1.1 Server		prior to horde-1.2.8-1.i386.rpm
					prior to horde-1.2.8-1.src.rpm
					prior to imp-2.2.8-1.i386.rpm
					prior to imp-2.2.8-1.src.rpm

	OpenLinux 3.1 Server		prior to horde-1.2.8-1.i386.rpm
					prior to horde-1.2.8-1.src.rpm
					prior to imp-2.2.8-1.i386.rpm
					prior to imp-2.2.8-1.src.rpm

3. Solution

	The proper solution is to install the latest packages.

4. OpenLinux 3.1.1 Server

	4.1 Package Location


4.2 Packages

	f52d7821dcbefafc220a479a34f359a7	horde-1.2.8-1.i386.rpm
	7dec82815fe2a801b40fd1cc64712f28	imp-2.2.8-1.i386.rpm

	4.3 Installation

	rpm -Fvh horde-1.2.8-1.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	4.4 Source Package Location


4.5 Source Packages

	2b48821e064674d8b159a3bb1078c619	horde-1.2.8-1.src.rpm
	632aa28b3eaf46100fc00a54bd10644a	imp-2.2.8-1.src.rpm

5. OpenLinux 3.1 Server

	5.1 Package Location


5.2 Packages

	d479bd6ee5b856a3cf212d3b58ddbd98	horde-1.2.8-1.i386.rpm
	836b9bc79c208b36d4e6191dcd60ce0d	imp-2.2.8-1.i386.rpm

	5.3 Installation

	rpm -Fvh horde-1.2.8-1.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	5.4 Source Package Location


5.5 Source Packages

	c8031ec50e69ad21a6a20b7885be6eeb	horde-1.2.8-1.src.rpm
	151403a7a889478485be1733c9fa1bd0	imp-2.2.8-1.src.rpm

6. References

	Specific references for this advisory:

	Caldera OpenLinux security resources:

Caldera UNIX security resources:

This security fix closes Caldera incidents sr862918, fz520626,

7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.

8. Acknowledgements

	Nuno Loureiro <nuno@eth.pt> discovered and researched this

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH