Debian Security Advisory
DSA-884-1 horde3 -- design error
- Date Reported:
- 07 Nov 2005
- Affected Packages:
- horde3
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 332290, Bug 332289.
In Mitre's CVE dictionary: CVE-2005-3344. - More information:
-
Mike O'Connor discovered that the default installation of Horde3 on Debian includes an administrator account without a password. Already configured installations will not be altered by this update.
The old stable distribution (woody) does not contain horde3 packages.
For the stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge1.
For the unstable distribution (sid) this problem has been fixed in version 3.0.5-2
We recommend that you verify your horde3 admin account if you have installed Horde3.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1.dsc
- http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1.diff.gz
- http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1_all.deb
MD5 checksums of the listed files are available in the original advisory.