drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Squirrelmail
Name: |
Preisgabe von Informationen in Squirrelmail |
|
ID: |
DSA-4168-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
So, 8. April 2018, 13:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8741 |
|
Applikationen: |
Squirrelmail |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4168-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 08, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : squirrelmail CVE ID : CVE-2018-8741 Debian Bug : 893202
Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.
For the oldstable distribution (jessie), this problem has been fixed in version 2:1.4.23~svn20120406-2+deb8u2.
We recommend that you upgrade your squirrelmail packages.
For the detailed security status of squirrelmail please refer to its security tracker page at: https://security-tracker.debian.org/tracker/squirrelmail
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrJyshfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0ROLQ/+ILcsLCgwuYN0h2hldhFLOFbleNYkFzuqlg3ZDEfdE0YrmwimHYntN6oe GFc6PKMXap74rBOEcZY98oPvj3HIHQAur5+PTi09dfNyXC/ninmro7jPUE+23R7+ dMNEsI/w4wFzx9LjFHyfi6BWvxlZ9+IpGbZzaEVwM0AnGB0YTuDqzISlbRqXp+Ed 9xT09JTBpALzjqIt11gnJBh14hBz7egoVFXsklSVOx/sa/FwDKH7m/ksmJdFtBNB TaVqeLZxxLKVK04Zu8eb9O0LhdddMNR4x51/yN6xNihDoKAGBAI6NsJsxtaUuNj/ b3KrFAXm+m6NOwrEh3EM0xWmc1QMsDpxSyS8CHvTSsOQRKoKa7jOViOtygBauY4p ByZnRj6+hgTp2qBFJ1f4v5sm+ZHfHfoD3GFLHvyPWze6ioUg0IY02Qwk+WYwkJW8 Oiau0C2419WINbgmtQNRd6ZZ7lNXsOMwScVI7xUybhBUhgaoylFa0RifcckgBObE mDsOE6ltaytGFAX0ooNAJBbCYW9irQCpvCoB+krKb6S5z5Dg2/W6syizm6scQdyI MW1RgTxrJB5FYagI06aBcmYl4fSFMGJG0qJL3vhPE9Y9oiV+NmST8uo6TaUMsHLE 6DEUbCI4+zG5/kFw0vQW7u27An/p+2410rD+9L+4GJfDoqBbkLc= =zgnB -----END PGP SIGNATURE-----
|
|
|
|