Fedora 12: 2010-1234 Moderate: Insecure Transport Threat in Thunderbird

SquirrelMail is a basic webmail package written in PHP4. It

includes built-in pure PHP support for the IMAP and SMTP protocols, and

all pages render in pure HTML 4.0 (with no Javascript) for maximum

compatibility across browsers. It has very few requirements and is very

easy to configure and install.

ChangeLog:

* Tue May 12 2009 Michal Hlavinka - 1.4.18-1

- updated to 1.4.18

References:

[ 1 ] Bug #500360 - CVE-2009-1579 SquirrelMail: Server-side code injection in map_yp_alias username map

https://bugzilla.redhat.com/show_bug.cgi?id=500360

[ 2 ] Bug #500358 - CVE-2009-1580 SquirrelMail: Session fixation vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=500358

[ 3 ] Bug #500356 - CVE-2009-1581 SquirrelMail: CSS positioning vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=500356

[ 4 ] Bug #500363 - CVE-2009-1578 SquirrelMail: Multiple cross site scripting issues

https://bugzilla.redhat.com/show_bug.cgi?id=500363

This update can be installed with the "yum" update program. Use

su -c 'yum update squirrelmail' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

http://fedoraproject.org/keys

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/