[horde] [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)
Michael J Rubinsky
mrubinsk at horde.org
Tue Feb 14 02:14:28 UTC 2012
Quoting Chris Flav <chris.flav at yahoo.ca>:
> s CVE-2012-0209: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0209
>>
>> We have been able to limit the manipulation to three files
>> downloaded during a certain timeframe. The affected releases are:
>> - Horde 3.3.12 downloaded between November 15 and February 7
>> - Horde Groupware 1.2.10 downloaded between November 9 and February 7
>> - Horde Groupware Webmail Edition 1.2.10 downloaded between
>> November 2 and February 7
>>
>> No other releases have been affected.
>
>
> Is it possible to confirm that the patch updates were or were not modified?
Only the 3 full packages listed in the announcement were affected. To
100% verify that you are indeed "clean", you can search the source
tree for the string also mentioned in the announcement.
--
mike
The Horde Project (www.horde.org)
mrubinsk at horde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6096 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.horde.org/archives/horde/attachments/20120213/7a5c2836/attachment-0001.bin>
More information about the horde
mailing list