[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities
From: security@xxxxxxxxxxxx
Date: Mon, 11 Dec 2006 10:50:00 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>
Sender: QATeam User <qateam@xxxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:226
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : squirrelmail
 Date    : December 11, 2006
 Affected: Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
 script or HTML via the (1) mailto parameter in (a) webmail.php, the (2)
 session and (3) delete_draft parameters in (b) compose.php, and (4)
 unspecified vectors involving "a shortcoming in the magicHTML filter."

 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6142
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 fdd1baf652c58196f2b538b389bec65f  
corporate/3.0/i586/squirrelmail-1.4.5-1.5.C30mdk.noarch.rpm
 89d39b6fc6a73d84feeb9f3deb458d0a  
corporate/3.0/i586/squirrelmail-poutils-1.4.5-1.5.C30mdk.noarch.rpm 
 d4de921727ae29bba7221a3e93d487bc  
corporate/3.0/SRPMS/squirrelmail-1.4.5-1.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ba27570deb04e7ff3400a280bbe75d52  
corporate/3.0/x86_64/squirrelmail-1.4.5-1.5.C30mdk.noarch.rpm
 276acc4e766908c326321cd214abd341  
corporate/3.0/x86_64/squirrelmail-poutils-1.4.5-1.5.C30mdk.noarch.rpm 
 d4de921727ae29bba7221a3e93d487bc  
corporate/3.0/SRPMS/squirrelmail-1.4.5-1.5.C30mdk.src.rpm

 Corporate 4.0:
 9503ad05873246568977df58ddc01e96  
corporate/4.0/i586/squirrelmail-1.4.8-3.1.20060mlcs4.noarch.rpm
 15d7cc5cf7b4f377c989dbfdfde9bc3a  
corporate/4.0/i586/squirrelmail-ar-1.4.8-3.1.20060mlcs4.noarch.rpm
 cbb2b592b960ee18160b0545bd01b11b  
corporate/4.0/i586/squirrelmail-bg-1.4.8-3.1.20060mlcs4.noarch.rpm
 823a98906ea456700be9f9301c03d3ca  
corporate/4.0/i586/squirrelmail-bn-1.4.8-3.1.20060mlcs4.noarch.rpm
 da53ecb3b61aacb38d9091416be2ad56  
corporate/4.0/i586/squirrelmail-ca-1.4.8-3.1.20060mlcs4.noarch.rpm
 a678e3d9380e1ab15f7232f64a4eb968  
corporate/4.0/i586/squirrelmail-cs-1.4.8-3.1.20060mlcs4.noarch.rpm
 f8b349923a77d8b844aa8ec86a63271d  
corporate/4.0/i586/squirrelmail-cy-1.4.8-3.1.20060mlcs4.noarch.rpm
 276bd5cfb76328244e1359e5026b5d6b  
corporate/4.0/i586/squirrelmail-cyrus-1.4.8-3.1.20060mlcs4.noarch.rpm
 39a5d34d477eb4ebe60e3a70c67f52e5  
corporate/4.0/i586/squirrelmail-da-1.4.8-3.1.20060mlcs4.noarch.rpm
 993a2c910c67f3c91723c2d4a0813f9c  
corporate/4.0/i586/squirrelmail-de-1.4.8-3.1.20060mlcs4.noarch.rpm
 06f4e571aba0928134506bd2a9198932  
corporate/4.0/i586/squirrelmail-el-1.4.8-3.1.20060mlcs4.noarch.rpm
 63ec92841ad90c70dae9d64e72c82662  
corporate/4.0/i586/squirrelmail-en-1.4.8-3.1.20060mlcs4.noarch.rpm
 d8e5a906d6e759ae19ff100690ec5e63  
corporate/4.0/i586/squirrelmail-es-1.4.8-3.1.20060mlcs4.noarch.rpm
 385f47aa4d9812a0a7d75a9db33b18b9  
corporate/4.0/i586/squirrelmail-et-1.4.8-3.1.20060mlcs4.noarch.rpm
 39fe314ed16fda2f4d342dc7f45271a4  
corporate/4.0/i586/squirrelmail-eu-1.4.8-3.1.20060mlcs4.noarch.rpm
 2959c6d41637880844da2a4b928ab3ea  
corporate/4.0/i586/squirrelmail-fa-1.4.8-3.1.20060mlcs4.noarch.rpm
 0f26c752ebe55b741da49ffc8e7df910  
corporate/4.0/i586/squirrelmail-fi-1.4.8-3.1.20060mlcs4.noarch.rpm
 fb53b2054f25f65f75529a4500adb05e  
corporate/4.0/i586/squirrelmail-fo-1.4.8-3.1.20060mlcs4.noarch.rpm
 52204b63d7536a948aefe250b075ab4b  
corporate/4.0/i586/squirrelmail-fr-1.4.8-3.1.20060mlcs4.noarch.rpm
 c877a11c38c60fa0664b425190d73e6b  
corporate/4.0/i586/squirrelmail-he-1.4.8-3.1.20060mlcs4.noarch.rpm
 59aac3b1912c3da62b3b721361db620b  
corporate/4.0/i586/squirrelmail-hr-1.4.8-3.1.20060mlcs4.noarch.rpm
 91fa54fde44d76216b3195a6e6e7f1a4  
corporate/4.0/i586/squirrelmail-hu-1.4.8-3.1.20060mlcs4.noarch.rpm
 8ad5805c6e351ae6fa6fbb53b13cb4de  
corporate/4.0/i586/squirrelmail-id-1.4.8-3.1.20060mlcs4.noarch.rpm
 af76a96cd2f1376eae5c1bf2f3d1f65b  
corporate/4.0/i586/squirrelmail-is-1.4.8-3.1.20060mlcs4.noarch.rpm
 7b1f3d4cdcf063b1e8b5f308e217e554  
corporate/4.0/i586/squirrelmail-it-1.4.8-3.1.20060mlcs4.noarch.rpm
 bc1f13031e7155bca253f5835ae0c90c  
corporate/4.0/i586/squirrelmail-ja-1.4.8-3.1.20060mlcs4.noarch.rpm
 a4f516f21f2036e89484dafe9d3d1a6c  
corporate/4.0/i586/squirrelmail-ka-1.4.8-3.1.20060mlcs4.noarch.rpm
 0e9b7214f5ce67f1a7b55d0bd196d814  
corporate/4.0/i586/squirrelmail-ko-1.4.8-3.1.20060mlcs4.noarch.rpm
 35a4bc3bf9161ffc3d10c5e4aed52877  
corporate/4.0/i586/squirrelmail-lt-1.4.8-3.1.20060mlcs4.noarch.rpm
 75b9963fa101cb2c71831ce4dd4e7f33  
corporate/4.0/i586/squirrelmail-ms-1.4.8-3.1.20060mlcs4.noarch.rpm
 ef4f24c8f94cb9e6384a35a556de256e  
corporate/4.0/i586/squirrelmail-nb-1.4.8-3.1.20060mlcs4.noarch.rpm
 4d2b35b6527db41eec54c917dd44ba01  
corporate/4.0/i586/squirrelmail-nl-1.4.8-3.1.20060mlcs4.noarch.rpm
 5db7bfef8a1ccfd7b2e5d57ca119a7e0  
corporate/4.0/i586/squirrelmail-nn-1.4.8-3.1.20060mlcs4.noarch.rpm
 afe1da824ed5c25db8046b4ddc2389d8  
corporate/4.0/i586/squirrelmail-pl-1.4.8-3.1.20060mlcs4.noarch.rpm
 b22b1fbf3a474983d017a164d737bba9  
corporate/4.0/i586/squirrelmail-poutils-1.4.8-3.1.20060mlcs4.noarch.rpm
 9ca9b100b0649843e2f17ef33c69a3a2  
corporate/4.0/i586/squirrelmail-pt-1.4.8-3.1.20060mlcs4.noarch.rpm
 780fff6991d9116971c35ec2fa378d90  
corporate/4.0/i586/squirrelmail-ro-1.4.8-3.1.20060mlcs4.noarch.rpm
 99cad9c5a0c26db2c6698f1a9b6ed804  
corporate/4.0/i586/squirrelmail-ru-1.4.8-3.1.20060mlcs4.noarch.rpm
 e074101cbddda0086eb8628528218abd  
corporate/4.0/i586/squirrelmail-sk-1.4.8-3.1.20060mlcs4.noarch.rpm
 9c856a8fa088e9e5e8dc28a7c087b4d2  
corporate/4.0/i586/squirrelmail-sl-1.4.8-3.1.20060mlcs4.noarch.rpm
 9e8d04ac9b1c7c089055572e486fffa8  
corporate/4.0/i586/squirrelmail-sr-1.4.8-3.1.20060mlcs4.noarch.rpm
 ee4c5f91c8065ff407aea103bb20e024  
corporate/4.0/i586/squirrelmail-sv-1.4.8-3.1.20060mlcs4.noarch.rpm
 93267f0d3add91d9fa71e2f1680a89f3  
corporate/4.0/i586/squirrelmail-th-1.4.8-3.1.20060mlcs4.noarch.rpm
 8614c64008b94ad139fdd3336421c920  
corporate/4.0/i586/squirrelmail-tl-1.4.8-3.1.20060mlcs4.noarch.rpm
 4a6fbf0245470d9fcf5072ae77ac4eef  
corporate/4.0/i586/squirrelmail-tr-1.4.8-3.1.20060mlcs4.noarch.rpm
 3f2f133c3d0cacecadefc7648aae6c0d  
corporate/4.0/i586/squirrelmail-ug-1.4.8-3.1.20060mlcs4.noarch.rpm
 2b836169ca514af3ded1383d027cd170  
corporate/4.0/i586/squirrelmail-uk-1.4.8-3.1.20060mlcs4.noarch.rpm
 46390f41d8942b9ca14c5cc81898a00f  
corporate/4.0/i586/squirrelmail-vi-1.4.8-3.1.20060mlcs4.noarch.rpm
 930c18bdca20d0b1a65728b255a71f96  
corporate/4.0/i586/squirrelmail-zh_CN-1.4.8-3.1.20060mlcs4.noarch.rpm
 5dc8559e99284aff1e482457a0d1ed3d  
corporate/4.0/i586/squirrelmail-zh_TW-1.4.8-3.1.20060mlcs4.noarch.rpm 
 b134bb2e680863641a457b9478b59390  
corporate/4.0/SRPMS/squirrelmail-1.4.8-3.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c2b0dd3acf47652ac205c2e0b3be24a9  
corporate/4.0/x86_64/squirrelmail-1.4.8-3.1.20060mlcs4.noarch.rpm
 0820ee17a848c6acc42444df660f9ac3  
corporate/4.0/x86_64/squirrelmail-ar-1.4.8-3.1.20060mlcs4.noarch.rpm
 f372ff44ac3ac7ea668b57607897f694  
corporate/4.0/x86_64/squirrelmail-bg-1.4.8-3.1.20060mlcs4.noarch.rpm
 a5bd987ea5051a5f3e81af1461a832ed  
corporate/4.0/x86_64/squirrelmail-bn-1.4.8-3.1.20060mlcs4.noarch.rpm
 7be52eb4a430b2468d658edc54ea046f  
corporate/4.0/x86_64/squirrelmail-ca-1.4.8-3.1.20060mlcs4.noarch.rpm
 c84b32819f87050a562b045b0c48e53e  
corporate/4.0/x86_64/squirrelmail-cs-1.4.8-3.1.20060mlcs4.noarch.rpm
 83cc2f2456de5579301ad5c0e4c120be  
corporate/4.0/x86_64/squirrelmail-cy-1.4.8-3.1.20060mlcs4.noarch.rpm
 de4aa16075840a7b7e07f1fe78ba93cb  
corporate/4.0/x86_64/squirrelmail-cyrus-1.4.8-3.1.20060mlcs4.noarch.rpm
 a43d22f7c65980cfed004909bbb30eab  
corporate/4.0/x86_64/squirrelmail-da-1.4.8-3.1.20060mlcs4.noarch.rpm
 2358f02f874cce70b2c3981f56cbbf32  
corporate/4.0/x86_64/squirrelmail-de-1.4.8-3.1.20060mlcs4.noarch.rpm
 eabb1921968805c7cbf22798fcebc7af  
corporate/4.0/x86_64/squirrelmail-el-1.4.8-3.1.20060mlcs4.noarch.rpm
 a43fb652af55cadf50258136fdeb2d74  
corporate/4.0/x86_64/squirrelmail-en-1.4.8-3.1.20060mlcs4.noarch.rpm
 4500d031b892b441f433746336c7dcf0  
corporate/4.0/x86_64/squirrelmail-es-1.4.8-3.1.20060mlcs4.noarch.rpm
 58cb4546b05efac31f3a64e1014095ee  
corporate/4.0/x86_64/squirrelmail-et-1.4.8-3.1.20060mlcs4.noarch.rpm
 dcf6ae26d69ade7fc454625046129360  
corporate/4.0/x86_64/squirrelmail-eu-1.4.8-3.1.20060mlcs4.noarch.rpm
 ef5cf4b334635291e9a510bb9ed794eb  
corporate/4.0/x86_64/squirrelmail-fa-1.4.8-3.1.20060mlcs4.noarch.rpm
 40b9915e723a0f573f1572cffaf03bf4  
corporate/4.0/x86_64/squirrelmail-fi-1.4.8-3.1.20060mlcs4.noarch.rpm
 0bfa396c60e5cf6a47229f69c9b337a1  
corporate/4.0/x86_64/squirrelmail-fo-1.4.8-3.1.20060mlcs4.noarch.rpm
 bea0e3c16887a984a6f8fd7084d27db6  
corporate/4.0/x86_64/squirrelmail-fr-1.4.8-3.1.20060mlcs4.noarch.rpm
 43059bc5bc5c91e5414946b34eda580c  
corporate/4.0/x86_64/squirrelmail-he-1.4.8-3.1.20060mlcs4.noarch.rpm
 dba3a65e08dd093bd9f6865f403aca06  
corporate/4.0/x86_64/squirrelmail-hr-1.4.8-3.1.20060mlcs4.noarch.rpm
 a97490f955480bb90321b5a96653f228  
corporate/4.0/x86_64/squirrelmail-hu-1.4.8-3.1.20060mlcs4.noarch.rpm
 0211d99cc8a5ed9385f3d0a59f8a5f1b  
corporate/4.0/x86_64/squirrelmail-id-1.4.8-3.1.20060mlcs4.noarch.rpm
 6db9f5d3699dc30d5abf17bbf3367161  
corporate/4.0/x86_64/squirrelmail-is-1.4.8-3.1.20060mlcs4.noarch.rpm
 53029ee9fc829a6b4c20007fc8e15d99  
corporate/4.0/x86_64/squirrelmail-it-1.4.8-3.1.20060mlcs4.noarch.rpm
 1e7fbb15fe44df99d88732a11765c460  
corporate/4.0/x86_64/squirrelmail-ja-1.4.8-3.1.20060mlcs4.noarch.rpm
 f65f1c05de5b647f503e7e1b203171d7  
corporate/4.0/x86_64/squirrelmail-ka-1.4.8-3.1.20060mlcs4.noarch.rpm
 fe1d25b5ad531f90cf05af7c293a645f  
corporate/4.0/x86_64/squirrelmail-ko-1.4.8-3.1.20060mlcs4.noarch.rpm
 144bfe711e3effd39cfc6e410ca9af0d  
corporate/4.0/x86_64/squirrelmail-lt-1.4.8-3.1.20060mlcs4.noarch.rpm
 91d2336ef151704e2e7695d7637a989f  
corporate/4.0/x86_64/squirrelmail-ms-1.4.8-3.1.20060mlcs4.noarch.rpm
 6c450896ce137fd1220658857e7fa7ee  
corporate/4.0/x86_64/squirrelmail-nb-1.4.8-3.1.20060mlcs4.noarch.rpm
 f6c1404ec21d6bc6ddba5a720fe7d2ef  
corporate/4.0/x86_64/squirrelmail-nl-1.4.8-3.1.20060mlcs4.noarch.rpm
 5c289717bc9518ba1133d6e91b5e5a77  
corporate/4.0/x86_64/squirrelmail-nn-1.4.8-3.1.20060mlcs4.noarch.rpm
 f459bf2f55c0733d63ce96eb365b9d22  
corporate/4.0/x86_64/squirrelmail-pl-1.4.8-3.1.20060mlcs4.noarch.rpm
 e0a44506bb0f05f0443155b0faf19443  
corporate/4.0/x86_64/squirrelmail-poutils-1.4.8-3.1.20060mlcs4.noarch.rpm
 6f0b27637a7208b118bb7b9e06b477dd  
corporate/4.0/x86_64/squirrelmail-pt-1.4.8-3.1.20060mlcs4.noarch.rpm
 9bfcb50cecb0ab7e32bd768b03692a0a  
corporate/4.0/x86_64/squirrelmail-ro-1.4.8-3.1.20060mlcs4.noarch.rpm
 d8093092134cc585726dd979efb4b651  
corporate/4.0/x86_64/squirrelmail-ru-1.4.8-3.1.20060mlcs4.noarch.rpm
 1c374b54c33289b2dcb0b237b3f133f5  
corporate/4.0/x86_64/squirrelmail-sk-1.4.8-3.1.20060mlcs4.noarch.rpm
 bc93e042ec8afc9c72dda75f31099b49  
corporate/4.0/x86_64/squirrelmail-sl-1.4.8-3.1.20060mlcs4.noarch.rpm
 6e0c7da453b631024cbbeb7e12e7ba5c  
corporate/4.0/x86_64/squirrelmail-sr-1.4.8-3.1.20060mlcs4.noarch.rpm
 aa294e3ad85a698dd3c34777d4da7903  
corporate/4.0/x86_64/squirrelmail-sv-1.4.8-3.1.20060mlcs4.noarch.rpm
 e603484d002b57e8a021ac28de0b3179  
corporate/4.0/x86_64/squirrelmail-th-1.4.8-3.1.20060mlcs4.noarch.rpm
 c5f7e2607f8b5113af875c53628cbc19  
corporate/4.0/x86_64/squirrelmail-tl-1.4.8-3.1.20060mlcs4.noarch.rpm
 7182b852259c4be5e537418ec5b2305a  
corporate/4.0/x86_64/squirrelmail-tr-1.4.8-3.1.20060mlcs4.noarch.rpm
 56a78e1547cab2d3b7efcccb35d7b010  
corporate/4.0/x86_64/squirrelmail-ug-1.4.8-3.1.20060mlcs4.noarch.rpm
 abe4dbdd1dad7b5adb246195f1e0178b  
corporate/4.0/x86_64/squirrelmail-uk-1.4.8-3.1.20060mlcs4.noarch.rpm
 e871bd1da833d961cd62eba52a383354  
corporate/4.0/x86_64/squirrelmail-vi-1.4.8-3.1.20060mlcs4.noarch.rpm
 508e5df69a92f5759545e7279f5d729b  
corporate/4.0/x86_64/squirrelmail-zh_CN-1.4.8-3.1.20060mlcs4.noarch.rpm
 ec8c34458856e9b6aaefcdd5453dcb5e  
corporate/4.0/x86_64/squirrelmail-zh_TW-1.4.8-3.1.20060mlcs4.noarch.rpm 
 b134bb2e680863641a457b9478b59390  
corporate/4.0/SRPMS/squirrelmail-1.4.8-3.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFfW5wmqjQ0CJFipgRAvoRAJ9tgXJ7SymXjCVfv2XJoMBaPybpbQCeOOZb
DtlfBAINiPFQINRoofLhzLg=
=zXcQ
-----END PGP SIGNATURE-----
Prev by Date: [ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow
Next by Date: RFIDIOt release - version 0.1i
Previous by thread: [ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow
Next by thread: RFIDIOt release - version 0.1i
Index(es):
- Date
- Thread