Oval Definition:oval:com.redhat.rhsa:def:20050595
Revision Date:2005-08-05
Version:503
Title:RHSA-2005:595: squirrelmail security update (Moderate)
Description:SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2095 to this issue.

Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1769 to this issue.

All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues.
Family:unix
Class:patch
Status:
Reference(s):CVE-2005-1769
CVE-2005-2095
RHSA-2005:595-02
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Release Information
    • Red Hat Enterprise Linux 3 is installed
    • AND squirrelmail is earlier than 0:1.4.3a-11.EL3
    • AND squirrelmail is signed with Red Hat master key
  • OR Package Information
    • Red Hat Enterprise Linux 4 is installed
    • AND squirrelmail is earlier than 0:1.4.3a-12.EL4
    • AND squirrelmail is signed with Red Hat master key