lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1HpXBx-0005l0-F3@artemis.annvix.ca>
Date: Sat, 19 May 2007 16:14:25 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:106 ] - Updated squirrelmailpackages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:106
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : squirrelmail
 Date    : May 19, 2007
 Affected: Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of HTML filtering bugs were found in SquirrelMail that
 could allow an attacker to inject arbitrary JavaScript leading to
 cross-site scripting attacks by sending an email viewed by a user
 within SquirrelMail (CVE-2007-1262).
 
 As well, SquirrelMail did not sufficiently check arguments to IMG tags
 in HTML messages that could be exploited by an attacker by sending
 arbitrary email messges on behalf of a SquirrelMail user tricked into
 opening a maliciously-crafted HTML email message (CVE-2007-2589).
 
 The packages provided have been updated to correct these
 vulnerabilities; Corporate Server 4 has been upgraded to SquirrelMail
 1.4.10a and Corporate Server 3 has been patched to protect against
 these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1262
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2589
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 e3c5f1b83f6f20915ea82419f7b878b5  corporate/3.0/i586/squirrelmail-1.4.5-1.6.C30mdk.noarch.rpm
 2edfb083bb6215aab9bd46aeacdf32a9  corporate/3.0/i586/squirrelmail-poutils-1.4.5-1.6.C30mdk.noarch.rpm 
 fdfb2f5cfc43752d836f55bf165531d4  corporate/3.0/SRPMS/squirrelmail-1.4.5-1.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e3c5f1b83f6f20915ea82419f7b878b5  corporate/3.0/x86_64/squirrelmail-1.4.5-1.6.C30mdk.noarch.rpm
 2edfb083bb6215aab9bd46aeacdf32a9  corporate/3.0/x86_64/squirrelmail-poutils-1.4.5-1.6.C30mdk.noarch.rpm 
 fdfb2f5cfc43752d836f55bf165531d4  corporate/3.0/SRPMS/squirrelmail-1.4.5-1.6.C30mdk.src.rpm

 Corporate 4.0:
 00a9cbc5496e1e870744f6522c1bc773  corporate/4.0/i586/squirrelmail-1.4.10a-0.1.20060mlcs4.noarch.rpm
 d4e553f398f4235f150ee4122090ec88  corporate/4.0/i586/squirrelmail-ar-1.4.10a-0.1.20060mlcs4.noarch.rpm
 76888c9511b69b7334e84acf9ef129ab  corporate/4.0/i586/squirrelmail-bg-1.4.10a-0.1.20060mlcs4.noarch.rpm
 4c61f79a417adf6eeea687b457462a8f  corporate/4.0/i586/squirrelmail-bn-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f089e4bb67c55cddd1f7629e593e703b  corporate/4.0/i586/squirrelmail-ca-1.4.10a-0.1.20060mlcs4.noarch.rpm
 0a379ace81dd9369f899b7b7118cb760  corporate/4.0/i586/squirrelmail-cs-1.4.10a-0.1.20060mlcs4.noarch.rpm
 dff33042bf47adef266547d7a9b3ade2  corporate/4.0/i586/squirrelmail-cy-1.4.10a-0.1.20060mlcs4.noarch.rpm
 2d4edc19e56833116ab2294f4a27d23b  corporate/4.0/i586/squirrelmail-cyrus-1.4.10a-0.1.20060mlcs4.noarch.rpm
 7bec6d64bbe6999e11d7d0c77bcaab82  corporate/4.0/i586/squirrelmail-da-1.4.10a-0.1.20060mlcs4.noarch.rpm
 5e14e81ec4f57f016656c7d0114fdcad  corporate/4.0/i586/squirrelmail-de-1.4.10a-0.1.20060mlcs4.noarch.rpm
 13813b8c28001bd43cdd6af745e736b8  corporate/4.0/i586/squirrelmail-el-1.4.10a-0.1.20060mlcs4.noarch.rpm
 a7f9076a6af3d2b98eec5bdf4f21811d  corporate/4.0/i586/squirrelmail-en-1.4.10a-0.1.20060mlcs4.noarch.rpm
 ec38199eecabb658647e352b4f2c30ba  corporate/4.0/i586/squirrelmail-es-1.4.10a-0.1.20060mlcs4.noarch.rpm
 ffe5ecdb63aaf4aead6d9d0cde35baf9  corporate/4.0/i586/squirrelmail-et-1.4.10a-0.1.20060mlcs4.noarch.rpm
 07dcf84da41d89559b90681a87373dc6  corporate/4.0/i586/squirrelmail-eu-1.4.10a-0.1.20060mlcs4.noarch.rpm
 9658a4ba0a0323ce9bba873fe4c1c4b9  corporate/4.0/i586/squirrelmail-fa-1.4.10a-0.1.20060mlcs4.noarch.rpm
 e25b7b37ee46ca3e51cf8c3c4f05663e  corporate/4.0/i586/squirrelmail-fi-1.4.10a-0.1.20060mlcs4.noarch.rpm
 407062a02f20eecc5b2f3ab0d4380e43  corporate/4.0/i586/squirrelmail-fo-1.4.10a-0.1.20060mlcs4.noarch.rpm
 5cc39ed0d608875a7603701dacf6a0b7  corporate/4.0/i586/squirrelmail-fr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 db6096f1b9bf670da192bb937d149168  corporate/4.0/i586/squirrelmail-he-1.4.10a-0.1.20060mlcs4.noarch.rpm
 ab01482e97c19c60db21026f8d910a09  corporate/4.0/i586/squirrelmail-hr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 7e950b64fb7c34c1ad285c1160d58d5e  corporate/4.0/i586/squirrelmail-hu-1.4.10a-0.1.20060mlcs4.noarch.rpm
 8e765a394db8a6f0ca05c9207bd2f025  corporate/4.0/i586/squirrelmail-id-1.4.10a-0.1.20060mlcs4.noarch.rpm
 cb68e301cbb371150d37883a69850589  corporate/4.0/i586/squirrelmail-is-1.4.10a-0.1.20060mlcs4.noarch.rpm
 b5645e48af1b39cdfa32e3fa52ea7bb4  corporate/4.0/i586/squirrelmail-it-1.4.10a-0.1.20060mlcs4.noarch.rpm
 645c0f8c641986cb777bd058e95c6d32  corporate/4.0/i586/squirrelmail-ja-1.4.10a-0.1.20060mlcs4.noarch.rpm
 8f220bf05ec6286877917d2509c0d3e5  corporate/4.0/i586/squirrelmail-ka-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f0fb577de0b859f3bb6bc5381d3f1005  corporate/4.0/i586/squirrelmail-ko-1.4.10a-0.1.20060mlcs4.noarch.rpm
 bd9ca263ce438c7c73d78296a1a21504  corporate/4.0/i586/squirrelmail-lt-1.4.10a-0.1.20060mlcs4.noarch.rpm
 870b38ef81516da105951688f9a42b60  corporate/4.0/i586/squirrelmail-ms-1.4.10a-0.1.20060mlcs4.noarch.rpm
 9ed257e3302a906aa2809b8b03f551d3  corporate/4.0/i586/squirrelmail-nb-1.4.10a-0.1.20060mlcs4.noarch.rpm
 b6e36bd9ea5c40410b1bb62a0f749343  corporate/4.0/i586/squirrelmail-nl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f8dad3c19799b0c72c398aa722cd25ab  corporate/4.0/i586/squirrelmail-nn-1.4.10a-0.1.20060mlcs4.noarch.rpm
 a17af2f51a339ad50c8d47bfc46d7b96  corporate/4.0/i586/squirrelmail-pl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f2126cfaa0fa6c91849177a6d4c98373  corporate/4.0/i586/squirrelmail-poutils-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f92f94136001810cce68a37ac00b42e8  corporate/4.0/i586/squirrelmail-pt-1.4.10a-0.1.20060mlcs4.noarch.rpm
 39157e969bdbb36040da6ab0cdd7e986  corporate/4.0/i586/squirrelmail-ro-1.4.10a-0.1.20060mlcs4.noarch.rpm
 98b993b7e7117797bb3a41d26f699a4a  corporate/4.0/i586/squirrelmail-ru-1.4.10a-0.1.20060mlcs4.noarch.rpm
 8c1a2cfbe4dcec22fa922acdce5356da  corporate/4.0/i586/squirrelmail-sk-1.4.10a-0.1.20060mlcs4.noarch.rpm
 2d0dcbe712a9a32630e4c7286e7b6b98  corporate/4.0/i586/squirrelmail-sl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 91f842b7ec13189b12ae004e69c7c813  corporate/4.0/i586/squirrelmail-sr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 2c7effb242f5821bc1dcac3751826971  corporate/4.0/i586/squirrelmail-sv-1.4.10a-0.1.20060mlcs4.noarch.rpm
 782742145d5645ddf4dd154335d32c4c  corporate/4.0/i586/squirrelmail-th-1.4.10a-0.1.20060mlcs4.noarch.rpm
 25cbe538d17a6c445d33836d8519e00b  corporate/4.0/i586/squirrelmail-tl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 0afa08b672fe9143f257c7662ba902e1  corporate/4.0/i586/squirrelmail-tr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 866d67e6d199843d49fa89f839ea96a1  corporate/4.0/i586/squirrelmail-ug-1.4.10a-0.1.20060mlcs4.noarch.rpm
 731916f9543710af726cd3e532731633  corporate/4.0/i586/squirrelmail-uk-1.4.10a-0.1.20060mlcs4.noarch.rpm
 c9c59033a62495c6f7d5f4f1d67ad737  corporate/4.0/i586/squirrelmail-vi-1.4.10a-0.1.20060mlcs4.noarch.rpm
 20f3edd5924b403bbd9ddbdf1556fb81  corporate/4.0/i586/squirrelmail-zh_CN-1.4.10a-0.1.20060mlcs4.noarch.rpm
 7fff9380eb6ce2c4fdb9027434cebed3  corporate/4.0/i586/squirrelmail-zh_TW-1.4.10a-0.1.20060mlcs4.noarch.rpm 
 bab8517dc2caa6e86d3b08d197ead728  corporate/4.0/SRPMS/squirrelmail-1.4.10a-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 00a9cbc5496e1e870744f6522c1bc773  corporate/4.0/x86_64/squirrelmail-1.4.10a-0.1.20060mlcs4.noarch.rpm
 d4e553f398f4235f150ee4122090ec88  corporate/4.0/x86_64/squirrelmail-ar-1.4.10a-0.1.20060mlcs4.noarch.rpm
 76888c9511b69b7334e84acf9ef129ab  corporate/4.0/x86_64/squirrelmail-bg-1.4.10a-0.1.20060mlcs4.noarch.rpm
 4c61f79a417adf6eeea687b457462a8f  corporate/4.0/x86_64/squirrelmail-bn-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f089e4bb67c55cddd1f7629e593e703b  corporate/4.0/x86_64/squirrelmail-ca-1.4.10a-0.1.20060mlcs4.noarch.rpm
 0a379ace81dd9369f899b7b7118cb760  corporate/4.0/x86_64/squirrelmail-cs-1.4.10a-0.1.20060mlcs4.noarch.rpm
 dff33042bf47adef266547d7a9b3ade2  corporate/4.0/x86_64/squirrelmail-cy-1.4.10a-0.1.20060mlcs4.noarch.rpm
 2d4edc19e56833116ab2294f4a27d23b  corporate/4.0/x86_64/squirrelmail-cyrus-1.4.10a-0.1.20060mlcs4.noarch.rpm
 7bec6d64bbe6999e11d7d0c77bcaab82  corporate/4.0/x86_64/squirrelmail-da-1.4.10a-0.1.20060mlcs4.noarch.rpm
 5e14e81ec4f57f016656c7d0114fdcad  corporate/4.0/x86_64/squirrelmail-de-1.4.10a-0.1.20060mlcs4.noarch.rpm
 13813b8c28001bd43cdd6af745e736b8  corporate/4.0/x86_64/squirrelmail-el-1.4.10a-0.1.20060mlcs4.noarch.rpm
 a7f9076a6af3d2b98eec5bdf4f21811d  corporate/4.0/x86_64/squirrelmail-en-1.4.10a-0.1.20060mlcs4.noarch.rpm
 ec38199eecabb658647e352b4f2c30ba  corporate/4.0/x86_64/squirrelmail-es-1.4.10a-0.1.20060mlcs4.noarch.rpm
 ffe5ecdb63aaf4aead6d9d0cde35baf9  corporate/4.0/x86_64/squirrelmail-et-1.4.10a-0.1.20060mlcs4.noarch.rpm
 07dcf84da41d89559b90681a87373dc6  corporate/4.0/x86_64/squirrelmail-eu-1.4.10a-0.1.20060mlcs4.noarch.rpm
 9658a4ba0a0323ce9bba873fe4c1c4b9  corporate/4.0/x86_64/squirrelmail-fa-1.4.10a-0.1.20060mlcs4.noarch.rpm
 e25b7b37ee46ca3e51cf8c3c4f05663e  corporate/4.0/x86_64/squirrelmail-fi-1.4.10a-0.1.20060mlcs4.noarch.rpm
 407062a02f20eecc5b2f3ab0d4380e43  corporate/4.0/x86_64/squirrelmail-fo-1.4.10a-0.1.20060mlcs4.noarch.rpm
 5cc39ed0d608875a7603701dacf6a0b7  corporate/4.0/x86_64/squirrelmail-fr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 db6096f1b9bf670da192bb937d149168  corporate/4.0/x86_64/squirrelmail-he-1.4.10a-0.1.20060mlcs4.noarch.rpm
 ab01482e97c19c60db21026f8d910a09  corporate/4.0/x86_64/squirrelmail-hr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 7e950b64fb7c34c1ad285c1160d58d5e  corporate/4.0/x86_64/squirrelmail-hu-1.4.10a-0.1.20060mlcs4.noarch.rpm
 8e765a394db8a6f0ca05c9207bd2f025  corporate/4.0/x86_64/squirrelmail-id-1.4.10a-0.1.20060mlcs4.noarch.rpm
 cb68e301cbb371150d37883a69850589  corporate/4.0/x86_64/squirrelmail-is-1.4.10a-0.1.20060mlcs4.noarch.rpm
 b5645e48af1b39cdfa32e3fa52ea7bb4  corporate/4.0/x86_64/squirrelmail-it-1.4.10a-0.1.20060mlcs4.noarch.rpm
 645c0f8c641986cb777bd058e95c6d32  corporate/4.0/x86_64/squirrelmail-ja-1.4.10a-0.1.20060mlcs4.noarch.rpm
 8f220bf05ec6286877917d2509c0d3e5  corporate/4.0/x86_64/squirrelmail-ka-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f0fb577de0b859f3bb6bc5381d3f1005  corporate/4.0/x86_64/squirrelmail-ko-1.4.10a-0.1.20060mlcs4.noarch.rpm
 bd9ca263ce438c7c73d78296a1a21504  corporate/4.0/x86_64/squirrelmail-lt-1.4.10a-0.1.20060mlcs4.noarch.rpm
 870b38ef81516da105951688f9a42b60  corporate/4.0/x86_64/squirrelmail-ms-1.4.10a-0.1.20060mlcs4.noarch.rpm
 9ed257e3302a906aa2809b8b03f551d3  corporate/4.0/x86_64/squirrelmail-nb-1.4.10a-0.1.20060mlcs4.noarch.rpm
 b6e36bd9ea5c40410b1bb62a0f749343  corporate/4.0/x86_64/squirrelmail-nl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f8dad3c19799b0c72c398aa722cd25ab  corporate/4.0/x86_64/squirrelmail-nn-1.4.10a-0.1.20060mlcs4.noarch.rpm
 a17af2f51a339ad50c8d47bfc46d7b96  corporate/4.0/x86_64/squirrelmail-pl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f2126cfaa0fa6c91849177a6d4c98373  corporate/4.0/x86_64/squirrelmail-poutils-1.4.10a-0.1.20060mlcs4.noarch.rpm
 f92f94136001810cce68a37ac00b42e8  corporate/4.0/x86_64/squirrelmail-pt-1.4.10a-0.1.20060mlcs4.noarch.rpm
 39157e969bdbb36040da6ab0cdd7e986  corporate/4.0/x86_64/squirrelmail-ro-1.4.10a-0.1.20060mlcs4.noarch.rpm
 98b993b7e7117797bb3a41d26f699a4a  corporate/4.0/x86_64/squirrelmail-ru-1.4.10a-0.1.20060mlcs4.noarch.rpm
 8c1a2cfbe4dcec22fa922acdce5356da  corporate/4.0/x86_64/squirrelmail-sk-1.4.10a-0.1.20060mlcs4.noarch.rpm
 2d0dcbe712a9a32630e4c7286e7b6b98  corporate/4.0/x86_64/squirrelmail-sl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 91f842b7ec13189b12ae004e69c7c813  corporate/4.0/x86_64/squirrelmail-sr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 2c7effb242f5821bc1dcac3751826971  corporate/4.0/x86_64/squirrelmail-sv-1.4.10a-0.1.20060mlcs4.noarch.rpm
 782742145d5645ddf4dd154335d32c4c  corporate/4.0/x86_64/squirrelmail-th-1.4.10a-0.1.20060mlcs4.noarch.rpm
 25cbe538d17a6c445d33836d8519e00b  corporate/4.0/x86_64/squirrelmail-tl-1.4.10a-0.1.20060mlcs4.noarch.rpm
 0afa08b672fe9143f257c7662ba902e1  corporate/4.0/x86_64/squirrelmail-tr-1.4.10a-0.1.20060mlcs4.noarch.rpm
 866d67e6d199843d49fa89f839ea96a1  corporate/4.0/x86_64/squirrelmail-ug-1.4.10a-0.1.20060mlcs4.noarch.rpm
 731916f9543710af726cd3e532731633  corporate/4.0/x86_64/squirrelmail-uk-1.4.10a-0.1.20060mlcs4.noarch.rpm
 c9c59033a62495c6f7d5f4f1d67ad737  corporate/4.0/x86_64/squirrelmail-vi-1.4.10a-0.1.20060mlcs4.noarch.rpm
 20f3edd5924b403bbd9ddbdf1556fb81  corporate/4.0/x86_64/squirrelmail-zh_CN-1.4.10a-0.1.20060mlcs4.noarch.rpm
 7fff9380eb6ce2c4fdb9027434cebed3  corporate/4.0/x86_64/squirrelmail-zh_TW-1.4.10a-0.1.20060mlcs4.noarch.rpm 
 bab8517dc2caa6e86d3b08d197ead728  corporate/4.0/SRPMS/squirrelmail-1.4.10a-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGT0aqmqjQ0CJFipgRAuLwAJ9HafZRRE5r8alqoNNQEjHYtPZb7gCePtDd
IObzuzV4HqWvYhtNatKOeRg=
=QCKi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ