Oval Definition:	oval:com.redhat.rhsa:def:20060283
Revision Date: 2006-05-03 Version: 639 Title: RHSA-2006:0283: squirrelmail security update (Moderate) Description: SquirrelMail is a standards-based webmail package written in PHP4. A bug was found in the way SquirrelMail presents the right frame to the user. If a user can be tricked into opening a carefully crafted URL, it is possible to present the user with arbitrary HTML data. (CVE-2006-0188) A bug was found in the way SquirrelMail filters incoming HTML email. It is possible to cause a victim's web browser to request remote content by opening a HTML email while running a web browser that processes certain types of invalid style sheets. Only Internet Explorer is known to process such malformed style sheets. (CVE-2006-0195) A bug was found in the way SquirrelMail processes a request to select an IMAP mailbox. If a user can be tricked into opening a carefully crafted URL, it is possible to execute arbitrary IMAP commands as the user viewing their mail with SquirrelMail. (CVE-2006-0377) Users of SquirrelMail are advised to upgrade to this updated package, which contains SquirrelMail version 1.4.6 and is not vulnerable to these issues. Family: unix Class: patch Status: Reference(s): CVE-2006-0188 CVE-2006-0195 CVE-2006-0377 RHSA-2006:0283 RHSA-2006:0283-01 RHSA-2006:0283-01 Platform(s): Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Product(s): Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 3 is installed AND squirrelmail is earlier than 0:1.4.6-5.el3 AND squirrelmail is signed with Red Hat master key OR Package Information Red Hat Enterprise Linux 4 is installed AND squirrelmail is earlier than 0:1.4.6-5.el4 AND squirrelmail is signed with Red Hat master key Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 4 is installed AND squirrelmail is earlier than 0:1.4.6-5.el4 AND squirrelmail is signed with Red Hat redhatrelease2 key
BACK