-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: REVISED: horde/imp cross scripting vulnerabilities
Advisory number: 	CSSA-2002-016.1
Issue date: 		2002 May 09
Cross reference:
______________________________________________________________________________


1. Problem Description

	There are some potential cross-site scripting (CSS) attacks in
	the imp and horde programs.

	This update fixes a problem with the horde package
	installation.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to horde-1.2.8-2.i386.rpm
					prior to imp-2.2.8-1.i386.rpm

	OpenLinux 3.1 Server		prior to horde-1.2.8-2.i386.rpm
					prior to imp-2.2.8-1.i386.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

	4.2 Packages

	17a500e12a71d9639d15d85f7386597c	horde-1.2.8-2.i386.rpm
	7dec82815fe2a801b40fd1cc64712f28	imp-2.2.8-1.i386.rpm

	4.3 Installation

	rpm -Fvh horde-1.2.8-2.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

	4.5 Source Packages

	f6a39863ed3049073b079c52b8d49353	horde-1.2.8-2.src.rpm
	632aa28b3eaf46100fc00a54bd10644a	imp-2.2.8-1.src.rpm


5. OpenLinux 3.1 Server

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

	5.2 Packages

	3ba666ed18ce30c26c059d6467ba648f	horde-1.2.8-2.i386.rpm
	836b9bc79c208b36d4e6191dcd60ce0d	imp-2.2.8-1.i386.rpm

	5.3 Installation

	rpm -Fvh horde-1.2.8-2.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

	5.5 Source Packages

	a6c9c2bfd5dda4049a0a8b9342bcc3c6	horde-1.2.8-2.src.rpm
	151403a7a889478485be1733c9fa1bd0	imp-2.2.8-1.src.rpm


6. References

	Specific references for this advisory:
		none


	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	This security fix closes Caldera incidents sr862918, fz520626,
	erg712017.


7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


8. Acknowledgements

	Nuno Loureiro <nuno@eth.pt> discovered and researched this
	problem.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjza9tgACgkQbluZssSXDTG4TQCgwvw77w//DhY5+DRg/IU+Nll0
6Q4AoIPLF3I3HeEiXISVsUoJt3rxsbSJ
=FDJl
-----END PGP SIGNATURE-----