[dev] SECURITY: exploit against out of date Horde versions

Chuck Hagenbuch chuck at horde.org
Mon May 1 20:55:13 PDT 2006


Folks, if you are running Horde 3.0 or later, and you have not updated  
to the latest security releases, PLEASE go right now to  
http://www.horde.org/, read the top blurb labeled "Security Releases",  
and upgrade to the appropriate version IMMEDIATELY.

If for any reason you are hesitant to upgrade, then replace  
horde/services/help/index.php with this file:
   http://cvs.horde.org/co.php?r=2.86&p=1&f=horde%2Fservices%2Fhelp%2Findex.php

It's from HEAD but should work with all Horde 3.x versions for now and  
will protect you.

There are active scans for this vulnerability, and far too many people  
are being caught off guard by it. Please take the time to upgrade now.

Thank you,
-chuck

-- 
"we are plastered to the windshield of the bus that is time." - Chris


More information about the dev mailing list