drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Squirrelmail
Name: |
Mehrere Probleme in Squirrelmail |
|
ID: |
FEDORA-2011-9309 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 14 |
|
Datum: |
Sa, 23. Juli 2011, 21:55 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2023 |
|
Applikationen: |
Squirrelmail |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-9309 2011-07-13 18:47:59 ------------------------------------------------------------------------------- -
Name : squirrelmail Product : Fedora 14 Version : 1.4.22 Release : 2.fc14 URL : http://www.squirrelmail.org/ Summary : webmail client written in php Description : SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install.
------------------------------------------------------------------------------- - Update Information:
fixes: - CVE-2011-2023 : Messages containing style tags with malicious script attributes were being displayed without being sanitized - CVE-2010-4555 : An attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user preferences - CVE-2010-4554 : SquirrelMail is vulnerable to clickjacking attacks wherein the entire application can be loaded in a frame that could overlay other elements on top of SquirrelMail ------------------------------------------------------------------------------- - ChangeLog:
* Wed Jul 13 2011 Michal Hlavinka <mhlavink@redhat.com> - 1.4.22-2 - fix possible php warning * Wed Jul 13 2011 Michal Hlavinka <mhlavink@redhat.com> - 1.4.22-1 - squirrelmail updated to 1.4.22 - fixes CVE-2010-4554, CVE-2010-4555, CVE-2011-2023 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #720693 - CVE-2010-4554 SquirrelMail: Prone to clickjacking attacks https://bugzilla.redhat.com/show_bug.cgi?id=720693 [ 2 ] Bug #720694 - CVE-2010-4555 SquirrelMail: Multiple XSS flaws https://bugzilla.redhat.com/show_bug.cgi?id=720694 [ 3 ] Bug #720695 - CVE-2011-2023 SquirrelMail: XSS in <style> tag handling https://bugzilla.redhat.com/show_bug.cgi?id=720695 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update squirrelmail' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|