Ausführen beliebiger Kommandos in Squirrelmail
ID: | FEDORA-2017-0b6da97aa5 |
Distribution: | Fedora |
Plattformen: | Fedora 24 |
Datum: | Sa, 3. Juni 2017, 09:36 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7692 |
Applikationen: | Squirrelmail |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-0b6da97aa5 2017-06-02 17:35:03.195274 -------------------------------------------------------------------------------- Name : squirrelmail Product : Fedora 24 Version : 1.4.22 Release : 19.fc24 URL : http://www.squirrelmail.org/ Summary : webmail client written in php Description : SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. -------------------------------------------------------------------------------- Update Information: fix insufficient escaping of user-supplied data (CVE-2017-7692) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445165 - CVE-2017-7692 squirrelmail: Insufficient escaping of user-supplied data https://bugzilla.redhat.com/show_bug.cgi?id=1445165 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade squirrelmail' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |