Login
Newsletter
Werbung
Sicherheit: Cross-Site-Scripting in courier
Aktuelle Meldungen Distributionen
Name: Cross-Site-Scripting in courier
ID: DSA-533-1
Distribution: Debian
Plattformen: Debian sid
Datum: Fr, 23. Juli 2004, 13:00
Referenzen: Keine Angabe
Applikationen: Courier

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 533-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
July 22nd, 2004                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : courier
Vulnerability  : cross-site scripting
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0591

A cross-site scripting vulnerability was discovered in sqwebmail, a
web mail application provided by the courier mail suite, whereby an
attacker could cause web script to be executed within the security
context of the sqwebmail application by injecting it via an email
message.

For the current stable distribution (woody), this problem has been
fixed in version 0.37.3-2.5.

For the unstable distribution (sid), this problem has been fixed in
version 0.45.4-4.

We recommend that you update your courier package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    courier_0.37.3-2.5.dsc
      Size/MD5 checksum:      913 9f807cbbd29262fb1122b65060255364
    courier_0.37.3-2.5.diff.gz
      Size/MD5 checksum:    33252 c3005c334dbc98f1ced5e6d27d014176
    courier_0.37.3.orig.tar.gz
      Size/MD5 checksum:  3238013 350cbb2e8b5f384409bdf2a15d605bc9

  Architecture independent components:

    courier-doc_0.37.3-2.5_all.deb
      Size/MD5 checksum:   321874 9766f52b62a87e349154d49c8a01eb9a

  ARM architecture:

    courier-authdaemon_0.37.3-2.5_arm.deb
      Size/MD5 checksum:    47248 1a82fe557d0cf909f84b1477eb0421c3
    courier-authmysql_0.37.3-2.5_arm.deb
      Size/MD5 checksum:    42402 5bbae529773a02ed4eb3873dbe14e095
    courier-base_0.37.3-2.5_arm.deb
      Size/MD5 checksum:   128588 ea9b559cc3634519f8539835404f0255
    courier-debug_0.37.3-2.5_arm.deb
      Size/MD5 checksum:    17588 1f95e1b55d8d8e63e5d948cd749b1d4f
    courier-imap_1.4.3-2.5_arm.deb
      Size/MD5 checksum:   124534 98bf7ffaf73426973e4d6def6327f655
    courier-ldap_0.37.3-2.5_arm.deb
      Size/MD5 checksum:    53570 2f74be30e779c10c4978333d6520a50d
    courier-maildrop_0.37.3-2.5_arm.deb
      Size/MD5 checksum:   180048 f1a6336bc28cf72c0d67d4a3074fbbf1
    courier-mlm_0.37.3-2.5_arm.deb
      Size/MD5 checksum:   116172 aec23a01271bccf1fcd4a922533001e9
    courier-mta_0.37.3-2.5_arm.deb
      Size/MD5 checksum:   549764 cb8808bb78b9411c726e08514e14d8bd
    courier-pcp_0.37.3-2.5_arm.deb
      Size/MD5 checksum:    55770 32c57eb11742bee944b25f72ec8c14f7
    courier-pop_0.37.3-2.5_arm.deb
      Size/MD5 checksum:    35314 cfcd25187c79ab131678c222f124cd21
    courier-webadmin_0.37.3-2.5_arm.deb
      Size/MD5 checksum:    24978 2af9134d310f12a142c6199effc34577
    sqwebmail_0.37.3-2.5_arm.deb
      Size/MD5 checksum:   297356 f8d25450c784a3877d7593f64d628858

  Intel IA-32 architecture:

    courier-authdaemon_0.37.3-2.5_i386.deb
      Size/MD5 checksum:    46322 dc4493b38acd559a4a3dcc9eb335160a
    courier-authmysql_0.37.3-2.5_i386.deb
      Size/MD5 checksum:    41754 8d9fc5959af9e155d722a8c9a4bed302
    courier-base_0.37.3-2.5_i386.deb
      Size/MD5 checksum:   129470 9a056627abc8d69c57c226e88b7775b4
    courier-debug_0.37.3-2.5_i386.deb
      Size/MD5 checksum:    17316 30d2bab04472842252cedbea6878cb65
    courier-imap_1.4.3-2.5_i386.deb
      Size/MD5 checksum:   120756 140f9620d3b9d0509ce098bdb5b6b3d5
    courier-ldap_0.37.3-2.5_i386.deb
      Size/MD5 checksum:    52376 e7b0d581b168eb2bd277b21449cf5426
    courier-maildrop_0.37.3-2.5_i386.deb
      Size/MD5 checksum:   174180 1d201ecf0f79816d535662ebc03df32f
    courier-mlm_0.37.3-2.5_i386.deb
      Size/MD5 checksum:   109866 20263d0a48a8038bff1ee6c0bf8ec145
    courier-mta_0.37.3-2.5_i386.deb
      Size/MD5 checksum:   532654 9341a09dbf24e0d39cc27a2301d74e41
    courier-pcp_0.37.3-2.5_i386.deb
      Size/MD5 checksum:    54310 8b852b2fec764b6db3f94f1a44b4c780
    courier-pop_0.37.3-2.5_i386.deb
      Size/MD5 checksum:    34922 48fb26a9e1da41b936b6a419a9dca7e6
    courier-webadmin_0.37.3-2.5_i386.deb
      Size/MD5 checksum:    25270 826167601748ac79a18e79fdbe5ed8f0
    sqwebmail_0.37.3-2.5_i386.deb
      Size/MD5 checksum:   291048 99e4a7c32cee22ff3f09cb488cf19e9c

  Intel IA-64 architecture:

    courier-authdaemon_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:    75532 fd985c96ff10a1d912972cd6f4666b4e
    courier-authmysql_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:    70730 6d13ea9123e3d780cd5437cab0e44143
    courier-base_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:   193732 901e4322fac37fc5eca5e075d289cf69
    courier-debug_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:    22978 e498781268770506d19c804cdadfb94d
    courier-imap_1.4.3-2.5_ia64.deb
      Size/MD5 checksum:   213792 3984af4ba38c9246654085819e002adc
    courier-ldap_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:    87260 d82f104565736e8f777356a12f0aefc8
    courier-maildrop_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:   271386 b20e0e73c9f100be3511430d1d4c7ed1
    courier-mlm_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:   151730 df7ccbbf186bf7ffb818a68dd5459b2a
    courier-mta_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:   966812 18d2803cdf47d692ee30e22175dbb305
    courier-pcp_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:   103576 2bbb53c058852bf3f81e4e8987d16d0b
    courier-pop_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:    53686 e1264084a9d713e77c04e24047f008da
    courier-webadmin_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:    26002 96a9a3a67440fff167f8bef62f4504e6
    sqwebmail_0.37.3-2.5_ia64.deb
      Size/MD5 checksum:   506402 ffad7c101b54a646c4d89c676d4778b9

  HP Precision architecture:

    courier-authdaemon_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:    48012 59bd76bc1c43e5eac8216fd3e8983ed2
    courier-authmysql_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:    43298 8bc715bf9103e17e1fa9bf33d169b43c
    courier-base_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:   130334 b8e34fbac26aa3ea8b1fee0d45ff3820
    courier-debug_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:    17598 004e1260241bd04074fe60bd43728f7a
    courier-imap_1.4.3-2.5_hppa.deb
      Size/MD5 checksum:   125298 9b31fffaffe492156dd3f4f6de05af90
    courier-ldap_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:    54402 7ae9874eb54804115925c17f8c98b903
    courier-maildrop_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:   193554 8a67ade700101ad32e73c62243fef5c6
    courier-mlm_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:   151094 85ba83d9d3658d5f6e753ebc2e86eed4
    courier-mta_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:   643608 5379eb75485cb1f4e4bc1dc8446da446
    courier-pcp_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:    56254 b0444f0f281c8d1bd74c20def2b4639a
    courier-pop_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:    35468 7657d46decd5c2055cbc1189d109c288
    courier-webadmin_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:    25234 e7043f1517ad7ae4548a5055fc1e993a
    sqwebmail_0.37.3-2.5_hppa.deb
      Size/MD5 checksum:   296520 ab690b07b19b4d5ef97ed604dfae82dd

  Motorola 680x0 architecture:

    courier-authdaemon_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:    45034 95680859f63b204644e00f08405ffffb
    courier-authmysql_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:    40350 86f51c0a62010f707a026771ab5bd657
    courier-base_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:   124928 f0cf556dc750dca22fd57842e270f39c
    courier-debug_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:    17050 124d24b0c34860b968d0b9a96ed9a37b
    courier-imap_1.4.3-2.5_m68k.deb
      Size/MD5 checksum:   114914 32e5098153f4f39602ecde2f5ffe250b
    courier-ldap_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:    51132 844a43a67dcb473d0724839af82ef14f
    courier-maildrop_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:   167696 c3ac20a8b63043730843db0ec9f877d2
    courier-mlm_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:   105282 3c5a28fb6cb54f089fa58a4c83df9ce6
    courier-mta_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:   506846 ee0f47f946393011933fa7f3cad3ac60
    courier-pcp_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:    51708 c1d18f036d5856d5437b78999ebe2cf7
    courier-pop_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:    33806 fc54f2110093ba596657496bfcadb809
    courier-webadmin_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:    25032 a20485ac83432e91cae1f6de77a03b9c
    sqwebmail_0.37.3-2.5_m68k.deb
      Size/MD5 checksum:   271588 596bf087ff1cfcbf3fdec4e76aeff6a7

  Big endian MIPS architecture:

    courier-authdaemon_0.37.3-2.5_mips.deb
      Size/MD5 checksum:    49340 c67a6fe180b7e13b443ebf16a174f641
    courier-authmysql_0.37.3-2.5_mips.deb
      Size/MD5 checksum:    44238 335f2e4fb353f66e8b58dd9c6f0ee9bb
    courier-base_0.37.3-2.5_mips.deb
      Size/MD5 checksum:   136334 21d645f6efcb45268a7f8a92084664c2
    courier-debug_0.37.3-2.5_mips.deb
      Size/MD5 checksum:    17680 3a9b4d85866923425e5949809a1c9d2c
    courier-imap_1.4.3-2.5_mips.deb
      Size/MD5 checksum:   128024 5e10e26a97de05e94cf95ac4e2951d60
    courier-ldap_0.37.3-2.5_mips.deb
      Size/MD5 checksum:    55646 1046d11cc976584705ec528d84df046b
    courier-maildrop_0.37.3-2.5_mips.deb
      Size/MD5 checksum:   185858 5200a5564c9c67ed6c465e046123e36a
    courier-mlm_0.37.3-2.5_mips.deb
      Size/MD5 checksum:   109096 ae5086c21fb920778b44b5461b7bd1e2
    courier-mta_0.37.3-2.5_mips.deb
      Size/MD5 checksum:   606426 44e1a00e33199342f62f9694dda5887d
    courier-pcp_0.37.3-2.5_mips.deb
      Size/MD5 checksum:    57608 ca1390e98cdba845ba5dbd0a44dff0a5
    courier-pop_0.37.3-2.5_mips.deb
      Size/MD5 checksum:    37338 78279850702d3b23147d1f17923a3ddb
    courier-webadmin_0.37.3-2.5_mips.deb
      Size/MD5 checksum:    25274 eb83823472c8fa6aea66f41274daf2aa
    sqwebmail_0.37.3-2.5_mips.deb
      Size/MD5 checksum:   302506 990423a6c664f19b5e266e5d468f23f0

  Little endian MIPS architecture:

    courier-authdaemon_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:    49200 86c6b452d6fb07dd5c85b782e83b9a29
    courier-authmysql_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:    44204 67c77e4bed870ea2628708a3d7c50cf8
    courier-base_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:   136050 bbf65703895166fccd0b568a4cc154fe
    courier-debug_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:    17650 ee765264f019ced2c83645c0d28aa785
    courier-imap_1.4.3-2.5_mipsel.deb
      Size/MD5 checksum:   127316 88a87e09c8e6f3155d96af20ba0ff260
    courier-ldap_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:    55640 bb460c6c9cd59ff91146e56dc7532447
    courier-maildrop_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:   185518 1e719de00a078216a62de36ac6207603
    courier-mlm_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:   107114 898d9897a8ce611a213d450f486f0c4c
    courier-mta_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:   604836 27d70867106deacd12686c3b2a268ec4
    courier-pcp_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:    57466 035f629d23074f6d3c78478f1db7b4ae
    courier-pop_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:    37230 92c42a2c0360917f8440a1ab098a3eb7
    courier-webadmin_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:    25290 846e09132f3a13d318c41e52d00d94ac
    sqwebmail_0.37.3-2.5_mipsel.deb
      Size/MD5 checksum:   302290 a33297c170e92baf927f998746b0006b

  PowerPC architecture:

    courier-authdaemon_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:    45144 ed79b7261ded2382bb0cac69e5ed1878
    courier-authmysql_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:    40754 46530a3670a00f195d3ae97ad82ef747
    courier-base_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:   125918 a3b57587608c44c3635ca243718426f2
    courier-debug_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:    17082 419ffc46076a95084b2ad87adde135f3
    courier-imap_1.4.3-2.5_powerpc.deb
      Size/MD5 checksum:   117676 f4bad142ec7b5fee50ca3568ca185cd7
    courier-ldap_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:    50940 56e985f473f89f32208cfd5fe845bac4
    courier-maildrop_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:   172120 ad7b1e493f03632e6097e405a242463e
    courier-mlm_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:   103470 31f4e781ceffb35cff6a9c7b11313b5c
    courier-mta_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:   519284 a27119439ad9473c02c87dd53e9dfdf4
    courier-pcp_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:    52578 e5978c03341e3ee2b487a733a7fa5159
    courier-pop_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:    33966 310b3cf209ca3618ca06841d0569f2d6
    courier-webadmin_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:    25006 b2a35087012c3cae38c4ea6416d36c85
    sqwebmail_0.37.3-2.5_powerpc.deb
      Size/MD5 checksum:   279076 c583bd2d8ed9d4b4106bf30d8856934f

  IBM S/390 architecture:

    courier-authdaemon_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    47014 c29d58715c1d32be66ada40800b67212
    courier-authmysql_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    42256 9a7ecbe92866d8505580d86f8e2a86aa
    courier-base_0.37.3-2.5_s390.deb
      Size/MD5 checksum:   129542 2b61b817fa52cd2c04dd9b032e286a21
    courier-debug_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    17852 4f9c337dae8bc1b18f7a0017ac840661
    courier-imap_1.4.3-2.5_s390.deb
      Size/MD5 checksum:   118528 2f2829c069e30c149c49076faad5b6cb
    courier-ldap_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    53658 bd083a4b24fc63b070e094d4a1cb39d3
    courier-maildrop_0.37.3-2.5_s390.deb
      Size/MD5 checksum:   169812 0bb558158fd50d4aaf01e7d84d7e5a4f
    courier-mlm_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    99098 d645ed55468c77f86a3efebedbf7a1e5
    courier-mta_0.37.3-2.5_s390.deb
      Size/MD5 checksum:   536130 9e3333384c1dc8e315dbbb5ddc2c41a0
    courier-pcp_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    54170 72ecda2077188b8d174dfd30e8d99018
    courier-pop_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    35298 9fec5f24b6220a6b80da2fa437fecca1
    courier-webadmin_0.37.3-2.5_s390.deb
      Size/MD5 checksum:    25320 a2b8ae8b18474766cd3de5405f6653aa
    sqwebmail_0.37.3-2.5_s390.deb
      Size/MD5 checksum:   281392 80c88d5e3dc3ab6f2a8e1daf73eb9bf3

  Sun Sparc architecture:

    courier-authdaemon_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:    48402 062eac7db89181d65296f91ddc1b9150
    courier-authmysql_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:    41684 9f2ba0a018fc083691012b458ec66abc
    courier-base_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:   141740 1c4c6fea5780a2ee315fa1650f146cb8
    courier-debug_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:    17300 2138bdba75342e5577cac68ae69bb89a
    courier-imap_1.4.3-2.5_sparc.deb
      Size/MD5 checksum:   124386 fae3f0db827ee4fba04009b0fa49ec34
    courier-ldap_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:    54330 df1b1e862f4cabb20a8306357ed3439f
    courier-maildrop_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:   178662 3fa399711509474a10cda71a0f20b1c7
    courier-mlm_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:   103756 5dc0ee4b683f1605ecfcc28b0b4d1950
    courier-mta_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:   580134 f95c64f99f63c2f3f0614a56d29a9758
    courier-pcp_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:    55452 f15f011b23afdea6b61f3e3c5691ed35
    courier-pop_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:    41860 ca595299aefee05022100bdad058a044
    courier-webadmin_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:    27896 3f9f4526b98a77e8c60fe189d9b2ff38
    sqwebmail_0.37.3-2.5_sparc.deb
      Size/MD5 checksum:   287708 72b1244ea916d4bccd02944f55ec1cfd

  These files will probably be moved into the stable distribution on
  its next revision.

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBAJIFArxCt0PiXR4RAqMgAJ9aGHU9+h7hGoSqfhex1neprMSvmwCfR1+u
7wFuSDKIz3td898FCu0J8PI=
=dLeH
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung