SquirrelMail several vulnerabilities

Security issues have been fixed in SquirrelMail: CRLF injection, cross-site scripting, and arbitrary web page injection (a slightly different form of XSS). Upstream version 1.4.6 fixes these problems along with other bugs.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-133
2006-03-03
---------------------------------------------------------------------

Product : Fedora Core 4
Name : squirrelmail
Version : 1.4.6
Release : 1.fc4
Summary : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

Upgrade to upstream version 1.4.6, which solves these issues
in addition to several bugs.

More details here:
http://www.squirrelmail.org/changelog.php

Additionally Fedora's package contains fixes that may
improve usability of squirrelmail in various non-English
languages. Please report to Bug #162852 if this update
causes any regressions in non-English language behavior.
---------------------------------------------------------------------
* Wed Mar 1 2006 David Woodhouse 1.4.6-1
- Upgrade to 1.4.6 proper for CVE-2006-0377 CVE-2006-0195 CVE-2006-0188
- Script the charset changes instead of using a patch
- Convert the ko_KR files to UTF-8, dropping invalid characters from
what's theoretically supposed to be EUC-KR in the original.
* Tue Jan 17 2006 Warren Togami 1.4.6-0.cvs20050812.3
- do not remove mo files
- require php-mbstring
* Fri Dec 9 2005 Jesse Keating
- rebuilt
* Mon Sep 12 2005 David Woodhouse 1.4.6-0.cvs20050812.2
- Convert all locales to UTF-8 instead of legacy character sets to
work around bug #162852. Except for ko_KR, because iconv doesn't
believe its help files are actually in EUC-KR as claimed.

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

7fa03570698b636dcd976d0f3b6d3d51df171224 SRPMS/squirrelmail-1.4.6-1.fc4.src.rpm
9cb6adf3a5746a0187ca0f7db333884221ef7512 ppc/squirrelmail-1.4.6-1.fc4.noarch.rpm
9cb6adf3a5746a0187ca0f7db333884221ef7512 x86_64/squirrelmail-1.4.6-1.fc4.noarch.rpm
9cb6adf3a5746a0187ca0f7db333884221ef7512 i386/squirrelmail-1.4.6-1.fc4.noarch.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
