Oxygen3 24h-365d [SquirrelMail 1.4.9a update fixes multiple vulnerabilities - 12/7/06]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



             "Opera is where a guy gets stabbed in the
               back, and instead of dying, he sings."
          Robert Charles Benchley (1889-1945) US humorist
     (On December 7, 1732, The Royal Opera House opens in London)

    - SquirrelMail 1.4.9a update fixes multiple vulnerabilities - 
   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, December 7, 2006 - Version 1.4.9a of SquirrelMail has been
released, which fixes several cross-site scripting vulnerabilities that
could be exploited to inject code in Web sessions. 

The first flaw lies in the webmail.php and compose.php scripts and stems
from incorrect filtering of certain parameters before they are sent to
the client. The second vulnerability affects the magicHTML filter which
filters and cleans up content of HTML messages.

An attacker could inject HTML code or scripts through these
vulnerabilities and run it on the user's mail client.

Versions 1.4.0 to 1.4.9 of SquirrelMail are affected, whereas version
1.4.9a fixes all of these issues. More details in the original advisory,
available at http://squirrelmail.org/security/issue/2006-12-02

(*) SquirrelMail is a PHP-based Web mail system, which supports the IMAP
and SMTP protocols. All pages are displayed with HTML 4.0 to ensure
compatibility with as many browsers as possible.

taharka

Lexington, Kentucky U.S.A.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux