[pkg-horde] [announce] SECURITY: Horde_Auth 1.0.4

Jan Schneider jan at horde.org
Wed Jun 8 14:49:21 UTC 2011

The Horde Team has released version 1.0.4 of the Horde_Auth framework package.

This is an important security release that fixes a serious bug in the  
composite authentication driver that could allow a user to access the  
Horde system even though authentication failed for a sub-driver.

Affected are all versions of the Horde_Auth library from 1.0.0alpha1  
to 1.0.3. Only systems using the composite authentication driver are  
affected. Horde applications that require another login step, e.g.  
IMP, are not affected, even if this 2nd authentication is done  

All affected systems should update the Horde_Auth package IMMEDIATELY.  
This can be done using the PEAR installer:

    pear upgrade horde/horde_auth

The Horde Team.

Horde announcements mailing list
You are subscribed to this list as: pkg-horde-hackers at lists.alioth.debian.org
To unsubscribe, mail: announce-unsubscribe at lists.horde.org

More information about the pkg-horde-hackers mailing list