Gentoo Linux Security Advisory 200909-14 (Normal): horde (and 2

38

Background

Horde is a web application framework written in PHP. Horde IMP, the “Internet Messaging Program”, is a Webmail module and Horde Passwd is a password changing module for Horde.

Description

Multiple vulnerabilities have been discovered in Horde:

  • Gunnar Wrobel reported an input sanitation and directory traversal flaw in framework/Image/Image.php, related to the “Horde_Image driver name” (CVE-2009-0932).
  • Gunnar Wrobel reported that data sent to horde/services/portal/cloud_search.php is not properly sanitized before used in the output (CVE-2009-0931).
  • It was reported that data sent to framework/Text_Filter/Filter/xss.php is not properly sanitized before used in the output (CVE-2008-5917).

Horde Passwd: David Wharton reported that data sent via the “backend” parameter to passwd/main.php is not properly sanitized before used in the output (CVE-2009-2360).

Horde IMP: Gunnar Wrobel reported that data sent to smime.php, pgp.php, and message.php is not properly sanitized before used in the output (CVE-2009-0930)…

Read More