·¢²¼ÈÕÆÚ£º2008-09-10
¸üÐÂÈÕÆÚ£º2008-09-22
ÊÜÓ°Ïìϵͳ£º
Horde Horde 3.2.x
²»ÊÜÓ°Ïìϵͳ£º
Horde Horde 3.2.2
ÃèÊö£º
BUGTRAQ ID:
31110CVE(CAN) ID:
CVE-2008-3823Horde FrameworkÊǸöÒÔPHPΪ»ù´¡µÄ¼Ü¹¹£¬ÓÃÀ´´´½¨ÍøÂçÓ¦ÓóÌʽ¡£
HordeµÄMIME¿âMIME/MIME/Contents.phpµÄÎļþÖдæÔÚ¿çÕ¾½Å±¾Â©¶´£¬Èç¹ûÓû§ÊÜƲ鿴ÁËÓʼþÏûÏ¢ÖдøÓжñÒâÎļþÃûµÄMIME¸½¼þµÄ»°£¬¾Í¿ÉÄܵ¼ÖÂ×¢Èë²¢Ö´ÐÐÈÎÒâ½Å±¾»òHTML¡£
<*À´Ô´£ºAlexios Fakos
Á´½Ó£º
http://secunia.com/advisories/31842 http://marc.info/?l=horde-announce&m=122104360019867&w=2 http://www.debian.org/security/2008/dsa-1642*>
½¨Ò飺
³§É̲¹¶¡£º
Debian
------
DebianÒѾΪ´Ë·¢²¼ÁËÒ»¸ö°²È«¹«¸æ£¨DSA-1642-1£©ÒÔ¼°ÏàÓ¦²¹¶¡:
DSA-1642-1£ºNew horde3 packages fix cross site scripting
Á´½Ó£º
http://www.debian.org/security/2008/dsa-1642²¹¶¡ÏÂÔØ£º
Source archives:
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.dscSize/MD5 checksum: 1076 2f84d0bcc79176fd975a2e33402c1a3f
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gzSize/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.diff.gzSize/MD5 checksum: 13225 c1a2fd542348e7b1110dd76b3077620b
Architecture independent packages:
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4_all.debSize/MD5 checksum: 5259800 6a9bee45882c4613788e7f51648ca24b
²¹¶¡°²×°·½·¨£º
1. ÊÖ¹¤°²×°²¹¶¡°ü£º
Ê×ÏÈ£¬Ê¹ÓÃÏÂÃæµÄÃüÁîÀ´ÏÂÔز¹¶¡Èí¼þ£º
# wget url (urlÊDz¹¶¡ÏÂÔØÁ´½ÓµØÖ·)
È»ºó£¬Ê¹ÓÃÏÂÃæµÄÃüÁîÀ´°²×°²¹¶¡£º
# dpkg -i file.deb (fileÊÇÏàÓ¦µÄ²¹¶¡Ãû)
2. ʹÓÃapt-get×Ô¶¯°²×°²¹¶¡°ü£º
Ê×ÏÈ£¬Ê¹ÓÃÏÂÃæµÄÃüÁî¸üÐÂÄÚ²¿Êý¾Ý¿â£º
# apt-get update
È»ºó£¬Ê¹ÓÃÏÂÃæµÄÃüÁî°²×°¸üÐÂÈí¼þ°ü£º
# apt-get upgrade
Horde
-----
Ä¿Ç°³§ÉÌÒѾ·¢²¼ÁËÉý¼¶²¹¶¡ÒÔÐÞ¸´Õâ¸ö°²È«ÎÊÌ⣬Çëµ½³§É̵ÄÖ÷Ò³ÏÂÔØ£º
ftp://ftp.horde.org/pub/horde/horde-3.2.2.tar.gzhttp://ftp.horde.org/pub/horde/horde-3.2.2.tar.gz