
Security: Multiple issues in squirrelmail
Name: Multiple issues in squirrelmail
ID: FEDORA-2019-ad02f64a79
Distribution: Fedora
Platforms: Fedora 30
Date: Thu, 15 August 2019, 20:51
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14950
Applications: Squirrelmail

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-ad02f64a79
2019-08-15 18:07:56.659694
--------------------------------------------------------------------------------

Name : squirrelmail
Product : Fedora 30
Version : 1.4.23
Release : 1.fc30.20190710
URL : http://www.squirrelmail.org/
Summary : webmail client written in php
Description :
SquirrelMail is a basic webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no JavaScript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install.

--------------------------------------------------------------------------------
Update Information:

updated to 1.4 branch snapshot containing several security fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.4.23-1.20190710
- squirrelmail updated to newer snapshot
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1616100 - CVE-2018-14955 squirrelmail: persistent XSS in message
display via SVG animations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616100
[ 2 ] Bug #1616097 - CVE-2018-14954 squirrelmail: persistent XSS in message
display the formaction attribute [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616097
[ 3 ] Bug #1616094 - CVE-2018-14953 squirrelmail: persistent XSS in message
display via a "<math xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616094
[ 4 ] Bug #1616090 - CVE-2018-14952 squirrelmail: persistent XSS in message
display via a "<math><maction xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616090
[ 5 ] Bug #1616087 - CVE-2018-14951 squirrelmail: persistent XSS in message
display via a "<form action='data:text" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616087
[ 6 ] Bug #1616084 - CVE-2018-14950 squirrelmail: persistent XSS in message
display via a "<svg><a xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616084
[ 7 ] Bug #1560341 - CVE-2018-8741 SquirrelMail: Directory traversal flaw in
Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560341
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-ad02f64a79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------