| Revision Date: | 2004-12-23 | Version: | 502 |
| Title: | RHSA-2004:654: squirrelmail security update (Moderate) |
| Description: | SquirrelMail is a webmail package written in PHP.
A cross-site scripting bug has been found in SquirrelMail. This issue could allow an attacker to send a mail with a carefully crafted header, which could result in causing the victim's machine to execute a malicious script. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1036 to this issue.
Additionally, the following issues have been addressed:
- updated splash screens - HIGASHIYAMA Masato's patch to improve Japanese support - real 1.4.3a tarball - config_local.php and default_pref in /etc/squirrelmail/ to match upstream RPM.
Please note that it is possible that upgrading to this package may remove your SquirrelMail configuration files due to a bug in the RPM package. Upgrading will prevent this from happening in the future.
Users of SquirrelMail are advised to upgrade to this updated package which contains a patched version of SquirrelMail version 1.43a and is not vulnerable to these issues.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2004-1036
RHSA-2004:654-01
|
| Platform(s): | Red Hat Enterprise Linux 3
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux 3 is installed AND squirrelmail is earlier than 0:1.4.3a-7.EL3
AND squirrelmail is signed with Red Hat master key
|