[horde] another security issue discovered in Horde ref. CVE-2022-30287

Jos van der Woude jos at veerkade.com
Tue Jun 14 04:33:17 UTC 2022


  Hello all,

Sorry, turba-4.2.28 does not fix the problem in my installation of Horde.
It results in the same error in the log:

HORDE[1620362]:[turba] $config must be an array [pid 1620362 on line 55 of "/var/www/html/mail/horde/turba/lib/Factory/Driver.php"]

Regards
Jos

It happens when I try to open a message in imp:

  A FATAL ERROR HAS OCCURRED

  $CONFIG MUST BE AN ARRAY

in /var/www/html/mail/horde/turba/lib/Factory/Driver.php:55
   1. IMP_Dynamic_Base->__construct() /var/www/html/mail/horde/imp/dynamic.php:33
   2. IMP_Dynamic_Message->_init() /var/www/html/mail/horde/imp/lib/Dynamic/Base.php:90
   3. IMP_Ajax_Application_ShowMessage->showMessage() /var/www/html/mail/horde/imp/lib/Dynamic/Message.php:62
   4. IMP_Contents->getInlineOutput() /var/www/html/mail/horde/imp/lib/Ajax/Application/ShowMessage.php:295
   5. IMP_Contents->renderMIMEPart() /var/www/html/mail/horde/imp/lib/Contents.php:1465
   6. Horde_Mime_Viewer_Base->render() /var/www/html/mail/horde/imp/lib/Contents.php:654
   7. IMP_Mime_Viewer_Alternative->_renderInline() /usr/share/pear/Horde/Mime/Viewer/Base.php:156
   8. IMP_Mime_Viewer_Alternative->_IMPrender() /var/www/html/mail/horde/imp/lib/Mime/Viewer/Alternative.php:54
   9. IMP_Contents->renderMIMEPart() /var/www/html/mail/horde/imp/lib/Mime/Viewer/Alternative.php:128
  10. Horde_Mime_Viewer_Base->render() /var/www/html/mail/horde/imp/lib/Contents.php:654
  11. IMP_Mime_Viewer_Html->_renderInline() /usr/share/pear/Horde/Mime/Viewer/Base.php:156
  12. IMP_Mime_Viewer_Html->_IMPrender() /var/www/html/mail/horde/imp/lib/Mime/Viewer/Html.php:75
  13. Horde_Mime_Viewer_Html->_cleanHTML() /var/www/html/mail/horde/imp/lib/Mime/Viewer/Html.php:178
  14. IMP_Mime_Viewer_Html->_node() /usr/share/pear/Horde/Mime/Viewer/Html.php:174
  15. IMP_Mime_Viewer_Html->_imgBlock() /var/www/html/mail/horde/imp/lib/Mime/Viewer/Html.php:500
  16. IMP_Images->showInlineImage() /var/www/html/mail/horde/imp/lib/Mime/Viewer/Html.php:664
  17. IMP_Images->_showInlineImage() /var/www/html/mail/horde/imp/lib/Images.php:52
  18. Horde_Registry->call() /var/www/html/mail/horde/imp/lib/Images.php:83
  19. Horde_Registry->callByPackage() /usr/share/pear/Horde/Registry.php:1089
  20. Turba_Api->search() /usr/share/pear/Horde/Registry.php:1132
  21. Turba_Factory_Driver->create() /var/www/html/mail/horde/turba/lib/Api.php:1202
  22. Turba_Factory_Driver->_create() /var/www/html/mail/horde/turba/lib/Factory/Driver.php:97
  23. Turba_Driver_Vbook->__construct() /var/www/html/mail/horde/turba/lib/Factory/Driver.php:157
  24. Turba_Factory_Driver->createFromConfig() /var/www/html/mail/horde/turba/lib/Driver/Vbook.php:58

  DETAILS

  The Full Error Message Is Logged In Horde's Log File, And Is Shown  
Below Only To Administrators. Non-administrative Users Will Not See  
Error Details.

InvalidArgumentException Object (
    [message:protected] => $config must be an array
    [string:Exception:private] =>
    [code:protected] => 0
    [file:protected] => /var/www/html/mail/horde/turba/lib/Factory/Driver.php
    [line:protected] => 55
    [trace:Exception:private] => Array         (
  ...

Quoting Michael J Rubinsky <mrubinsk at horde.org>:

> Quoting Christoph Haas <christoph+horde at haas-online.org>:
>
>> Dear Jens,
>> dear Jan,
>>
>> Jens, since you're writing "Most of his changes can be applied  
>> directly to the Horde 5 code (with some fuzz), only the Horde 5 code  
>> in "turba/lib/Application.php" needs some manual tweaking."
>>
>> For the files in horde/turba/lib
>> Api.php
>> Application.php
>> Driver/Share.php
>> Driver/Vbook.php
>> Factory/Driver.php
>> Form/CreateAddressBook.php
>> Turba.php
>>
>> the patch seems just to change on the affected lines "create" with  
>> "createTrusted".
>>
>> Btw.: I could not find the file  
>> "horde/turba/bin/turba-import-openxchange" and the corresponding  
>> "horde/turba/bin"-directory on my Horde-installation (PEAR-install)  
>> but never mind ...
>>
>> So on Linux I would do:
>> root@myhorde:/# cd /tmp
>> root@myhorde:/tmp# git clone https://github.com/UnivParis1/turba.git
>> root@myhorde:/tmp/turba# git reset --hard 9f2521328aa7d0dbd905591eca138c8e7580d673
>> and copy all patched files to my webroot.
>>
>> --> What "manual tweaking" in "horde/turba/lib/Application.ini" has  
>> to be done?
>> And what "fuzz" is with the other files?
>>
>> On the other hand I don't even know, if the patch will help me,  
>> since on my Horde-installation is in horde/turba/config/backends.php
>> $cfgSources['localsql']['use_shares'] = true,
>> configured.
>>
>> @Jan:
>> Or could I solve all the trouble through PEAR-upgrade to Turba 4.2.28?
>> What about the troubles in 4.2.27 of not being able to read all  
>> mails (as reported by Jos van der Woude on 08. Juni 2022-06-08,  
>> 08:04:34 CEST).
>> Is this fixed in 4.2.28?
>
> 4.2.28 should fix the remaining regressions. My advice is to  
> upgrade, and not apply any other patches at this time.
>
>> Can anybody give me some insights on how to proceed?
>>
>> Thanks
>> Christoph.
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
> --
> mike
> The Horde Project
> http://www.horde.org
> https://www.facebook.com/hordeproject
> https://www.twitter.com/hordeproject

