SciLinux: CVE-2007-1262 squirrelmail SL5.x, SL4.x,
Summary
Date: Mon, 21 May 2007 16:31:18 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for squirrelmail on SL5.x, SL4.x, SL3.x i386/x86_64
Comments: To: scientific-linux-errata@fnal.gov

Synopsis: Moderate: squirrelmail security update
Issue date: 2007-05-17
CVE Names: CVE-2007-1262 CVE-2007-2589

Several HTML filtering bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript leading to cross-site scripting attacks by sending an e-mail viewed by a user within SquirrelMail. (CVE-2007-1262)

Squirrelmail did not sufficiently check arguments to IMG tags in HTML e-mail messages. This could be exploited by an attacker by sending arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening a maliciously crafted HTML e-mail message. (CVE-2007-2589)

SL 3.0.x
  SRPMS:
    squirrelmail-1.4.8-6.el3.src.rpm
  i386:
    squirrelmail-1.4.8-6.el3.noarch.rpm
  x86_64:
    squirrelmail-1.4.8-6.el3.noarch.rpm

SL 4.x
  SRPMS:
    squirrelmail-1.4.8-4.0.1.el4.src.rpm
  i386:
    squirrelmail-1.4.8-4.0.1.el4.noarch.rpm
  x86_64:
    squirrelmail-1.4.8-4.0.1.el4.noarch.rpm

SL 5.x
  SRPMS:
    squirrelmail-1.4.8-4.0.1.el5.src.rpm
  i386:
    squirrelmail-1.4.8-4.0.1.el5.noarch.rpm
  x86_64:
    squirrelmail-1.4.8-4.0.1.el5.noarch.rpm

-Connie Sieh
-Troy Dawson