[SECURITY] [DLA 3676-1] horizon security update

2023-11-3022:59:28

lists.debian.org

horizon

cve-2022-45582

security tracker

open redirect vulnerability

phishing

upgrade

debian lts

debian 10 buster

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.4%

JSON

Debian LTS Advisory DLA-3676-1 [email protected]
https://www.debian.org/lts/security/ Guilhem Moulin
November 30, 2023 https://wiki.debian.org/LTS

Package : horizon
Version : 3:14.0.2-3+deb10u3
CVE ID : CVE-2022-45582

Phan Nguyên Long discovered an Open Redirect vulnerability in horizon, a
web application to control an OpenStack cloud, which could lead to
phishing.

For Debian 10 buster, this problem has been fixed in version
3:14.0.2-3+deb10u3.

We recommend that you upgrade your horizon packages.

For the detailed security status of horizon please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/horizon

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian10amd64libde265-examples< 1.0.11-0+deb10u5libde265-examples_1.0.11-0+deb10u5_amd64.deb
Debian10i386libde265-examples< 1.0.11-0+deb10u5libde265-examples_1.0.11-0+deb10u5_i386.deb
Debian10allopenstack-dashboard-apache< 3:14.0.2-3+deb10u3openstack-dashboard-apache_3:14.0.2-3+deb10u3_all.deb
Debian12allopenstack-dashboard-apache< 3:23.0.0-5+deb12u1openstack-dashboard-apache_3:23.0.0-5+deb12u1_all.deb
Debian10arm64libde265-dev< 1.0.11-0+deb10u5libde265-dev_1.0.11-0+deb10u5_arm64.deb
Debian10allhorizon< 3:14.0.2-3+deb10u3horizon_3:14.0.2-3+deb10u3_all.deb
Debian11allhorizon< 3:18.6.2-5+deb11u2horizon_3:18.6.2-5+deb11u2_all.deb
Debian10alllibde265< 1.0.11-0+deb10u5libde265_1.0.11-0+deb10u5_all.deb
Debian10armhflibde265-dev< 1.0.11-0+deb10u5libde265-dev_1.0.11-0+deb10u5_armhf.deb
Debian11allpython3-django-horizon< 3:18.6.2-5+deb11u2python3-django-horizon_3:18.6.2-5+deb11u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	libde265-examples	< 1.0.11-0+deb10u5	libde265-examples_1.0.11-0+deb10u5_amd64.deb
Debian	10	i386	libde265-examples	< 1.0.11-0+deb10u5	libde265-examples_1.0.11-0+deb10u5_i386.deb
Debian	10	all	openstack-dashboard-apache	< 3:14.0.2-3+deb10u3	openstack-dashboard-apache_3:14.0.2-3+deb10u3_all.deb
Debian	12	all	openstack-dashboard-apache	< 3:23.0.0-5+deb12u1	openstack-dashboard-apache_3:23.0.0-5+deb12u1_all.deb
Debian	10	arm64	libde265-dev	< 1.0.11-0+deb10u5	libde265-dev_1.0.11-0+deb10u5_arm64.deb
Debian	10	all	horizon	< 3:14.0.2-3+deb10u3	horizon_3:14.0.2-3+deb10u3_all.deb
Debian	11	all	horizon	< 3:18.6.2-5+deb11u2	horizon_3:18.6.2-5+deb11u2_all.deb
Debian	10	all	libde265	< 1.0.11-0+deb10u5	libde265_1.0.11-0+deb10u5_all.deb
Debian	10	armhf	libde265-dev	< 1.0.11-0+deb10u5	libde265-dev_1.0.11-0+deb10u5_armhf.deb
Debian	11	all	python3-django-horizon	< 3:18.6.2-5+deb11u2	python3-django-horizon_3:18.6.2-5+deb11u2_all.deb