Oval Definition:	oval:com.redhat.rhsa:def:20091490
Revision Date: 2009-10-08 Version: 641 Title: RHSA-2009:1490: squirrelmail security update (Moderate) Description: SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964) Users of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues. Family: unix Class: patch Status: Reference(s): CVE-2009-2964 RHSA-2009:1490 RHSA-2009:1490-01 RHSA-2009:1490-01 Platform(s): Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 3 is installed AND squirrelmail is earlier than 0:1.4.8-16.el3 AND squirrelmail is signed with Red Hat master key OR Package Information Red Hat Enterprise Linux 4 is installed AND squirrelmail is earlier than 0:1.4.8-5.el4_8.8 AND squirrelmail is signed with Red Hat master key OR Package Information Red Hat Enterprise Linux 5 is installed AND squirrelmail is earlier than 0:1.4.8-5.el5_4.10 AND squirrelmail is signed with Red Hat redhatrelease key Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 4 is installed AND squirrelmail is earlier than 0:1.4.8-5.el4_8.8 AND squirrelmail is signed with Red Hat redhatrelease2 key OR Package Information Red Hat Enterprise Linux 5 is installed AND squirrelmail is earlier than 0:1.4.8-5.el5_4.10 AND squirrelmail is signed with Red Hat redhatrelease2 key
BACK