Fedora 10: FEDORA-2009-4880 Critical SquirrelMail Code Injection Fix
fedora
May 12, 2009
squirrelmail is now able to work with unsigned 32bit UID values with 32-bit
version of php
Summary
SquirrelMail is a basic webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install.
Update Information:
squirrelmail is now able to work with unsigned 32bit UID values with 32-bit version of php
Change Log
* Tue May 12 2009 Michal Hlavinka
References
[ 1 ] Bug #500360 - CVE-2009-1579 SquirrelMail: Server-side code injection in map_yp_alias username map
https://bugzilla.redhat.com/show_bug.cgi?id=500360
[ 2 ] Bug #500358 - CVE-2009-1580 SquirrelMail: Session fixation vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=500358
[ 3 ] Bug #500356 - CVE-2009-1581 SquirrelMail: CSS positioning vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=500356
[ 4 ] Bug #500363 - CVE-2009-1578 SquirrelMail: Multiple cross site scripting issues
https://bugzilla.redhat.com/show_bug.cgi?id=500363
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update squirrelmail' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: squirrelmail
Product: Fedora 10
Version: 1.4.18
Release: 1.fc10
Summary: SquirrelMail webmail client
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!