-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-02
- - - ---------------------------------------------------------------------

          PACKAGE : horde
          SUMMARY : session hijacking
             DATE : 2003-09-01 14:28 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <vmware-workstation-4.0.2.5592
    FIXED VERSION : >=vmware-workstation-4.0.2.5592
              CVE :

- - - ---------------------------------------------------------------------

quote from advisory:

"An attacker could send an email to the victim who ago use of HORDE MTA
in order to push it to visit a website. The website in issue log all the
accesses and describe in the particular the origin of every victim."

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=106081310531567&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/horde upgrade to horde-2.2.4_rc2 as follows:

  emerge sync
  emerge horde
  emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/U1eLfT7nyhUpoZMRAvNIAJ9Ff+t+uJUvFK4pqP90o0WB+4rGZACeOpF7
XE4AIoGECKrbQd+oFcZrYpQ=
=wWs6
-----END PGP SIGNATURE-----