SciLinux: CVE-2009-2964 Moderate: squirrelmail SL3.x, SL4.x,

Date:         Fri, 9 Oct 2009 14:23:39 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: squirrelmail on SL3.x, SL4.x,
              SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: squirrelmail security update
Issue date:	2009-10-08
CVE Names:	CVE-2009-2964

CVE-2009-2964 squirrelmail: CSRF issues in all forms

Form submissions in SquirrelMail did not implement protection against
Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked 
a user into visiting a malicious web page, the attacker could hijack 
that user's authentication, inject malicious content into that user's
preferences, or possibly send mail without that user's permission. 
(CVE-2009-2964)

SL 3.0.x

       SRPMS:
squirrelmail-1.4.8-16.el3.src.rpm
       i386:
squirrelmail-1.4.8-16.el3.noarch.rpm
       x86_64:
squirrelmail-1.4.8-16.el3.noarch.rpm

SL 4.x

       SRPMS:
squirrelmail-1.4.8-5.el4_8.8.src.rpm
       i386:
squirrelmail-1.4.8-5.el4_8.8.noarch.rpm
       x86_64:
squirrelmail-1.4.8-5.el4_8.8.noarch.rpm

SL 5.x

       SRPMS:
squirrelmail-1.4.8-5.el5_4.10.src.rpm
       i386:
squirrelmail-1.4.8-5.el5_4.10.noarch.rpm
       x86_64:
squirrelmail-1.4.8-5.el5_4.10.noarch.rpm

-Connie Sieh
-Troy Dawson

Date: Fri, 9 Oct 2009 14:23:39 -0500Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: squirrelmail on SL3.x, SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Moderate: squirrelmail security updateIssue date: 2009-10-08CVE Names: CVE-2009-2964CVE-2009-2964 squirrelmail: CSRF issues in all formsForm submissions in SquirrelMail did not implement protection againstCross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user'spreferences, or possibly send mail without that user's permission. (CVE-2009-2964)SL 3.0.x SRPMS:squirrelmail-1.4.8-16.el3.src.rpm i386:squirrelmail-1.4.8-16.el3.noarch.rpm x86_64:squirrelmail-1.4.8-16.el3.noarch.rpmSL 4.x SRPMS:squirrelmail-1.4.8-5.el4_8.8.src.rpm i386:squirrelmail-1.4.8-5.el4_8.8.noarch.rpm x86_64:squirrelmail-1.4.8-5.el4_8.8.noarch.rpmSL 5.x SRPMS:squirrelmail-1.4.8-5.el5_4.10.src.rpm i386:squirrelmail-1.4.8-5.el5_4.10.noarch.rpm x86_64:squirrelmail-1.4.8-5.el5_4.10.noarch.rpm-Connie Sieh-Troy Dawson

SciLinux: CVE-2009-2964 Moderate: squirrelmail SL3.x, SL4.x,

Summary

Security Fixes

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By