[dev] SECURITY: exploit against out of date Horde versions
Chuck Hagenbuch
chuck at horde.org
Mon May 1 20:55:13 PDT 2006
Folks, if you are running Horde 3.0 or later, and you have not updated
to the latest security releases, PLEASE go right now to
http://www.horde.org/, read the top blurb labeled "Security Releases",
and upgrade to the appropriate version IMMEDIATELY.
If for any reason you are hesitant to upgrade, then replace
horde/services/help/index.php with this file:
http://cvs.horde.org/co.php?r=2.86&p=1&f=horde%2Fservices%2Fhelp%2Findex.php
It's from HEAD but should work with all Horde 3.x versions for now and
will protect you.
There are active scans for this vulnerability, and far too many people
are being caught off guard by it. Please take the time to upgrade now.
Thank you,
-chuck
--
"we are plastered to the windshield of the bus that is time." - Chris
More information about the dev
mailing list