A squirrelmail update has been released for Debian GNU/Linux
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2291-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
August 8, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : squirrelmail
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 CVE-2011-2752 CVE-2011-2753

Various vulnerabilities have been found in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2010-4554

    SquirrelMail did not prevent page rendering inside a third-party HTML frame, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2010-4555, CVE-2011-2752, CVE-2011-2753

    Multiple small bugs in SquirrelMail allowed an attacker to inject malicious script into various pages or alter the contents of user preferences.

CVE-2011-2023

    It was possible to inject arbitrary web script or HTML via a crafted STYLE element in an HTML part of an e-mail message.

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.15-4+lenny5.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.21-2.

For the testing (wheezy) and unstable distribution (sid), these problems have been fixed in version 1.4.22-1.

We recommend that you upgrade your squirrelmail packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
This entry was posted on 3:18 PM.