[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:226
http://www.mandriva.com/security/
_______________________________________________________________________
Package : squirrelmail
Date : December 11, 2006
Affected: Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
script or HTML via the (1) mailto parameter in (a) webmail.php, the (2)
session and (3) delete_draft parameters in (b) compose.php, and (4)
unspecified vectors involving "a shortcoming in the magicHTML filter."
Updated packages are patched to address these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6142
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFfW5wmqjQ0CJFipgRAvoRAJ9tgXJ7SymXjCVfv2XJoMBaPybpbQCeOOZb
DtlfBAINiPFQINRoofLhzLg=
=zXcQ
-----END PGP SIGNATURE-----