Oval Definition:oval:com.redhat.rhsa:def:20070358
Revision Date:2007-05-17Version:635
Title:RHSA-2007:0358: squirrelmail security update (Moderate)
Description:SquirrelMail is a standards-based webmail package written in PHP4.

  • Several HTML filtering bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript leading to cross-site scripting attacks by sending an e-mail viewed by a user within SquirrelMail. (CVE-2007-1262)

  • Squirrelmail did not sufficiently check arguments to IMG tags in HTML e-mail messages. This could be exploited by an attacker by sending arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening a maliciously crafted HTML e-mail message. (CVE-2007-2589)

    Users of SquirrelMail should upgrade to this erratum package, which contains a backported patch to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-1262
    CVE-2007-2589
    RHSA-2007:0358
    RHSA-2007:0358-02
    RHSA-2007:0358-02
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND squirrelmail is earlier than 0:1.4.8-6.el3
  • AND squirrelmail is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND squirrelmail is earlier than 0:1.4.8-4.0.1.el4
  • AND squirrelmail is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND squirrelmail is earlier than 0:1.4.8-4.0.1.el5
  • AND squirrelmail is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND squirrelmail is earlier than 0:1.4.8-6.el3
  • AND squirrelmail is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND squirrelmail is earlier than 0:1.4.8-4.0.1.el4
  • AND squirrelmail is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND squirrelmail is earlier than 0:1.4.8-4.0.1.el5
  • AND squirrelmail is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND squirrelmail is earlier than 0:1.4.8-4.0.1.el4
  • AND squirrelmail is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND squirrelmail is earlier than 0:1.4.8-4.0.1.el5
  • AND squirrelmail is signed with Red Hat redhatrelease2 key
    • BACK