Synopsis: Moderate: squirrelmail security update
Issue date: 2007-05-17
CVE Names: CVE-2007-1262 CVE-2007-2589

Several HTML filtering bugs were discovered in SquirrelMail. An
attacker could inject arbitrary JavaScript, leading to cross-site
scripting attacks, by sending an e-mail that a user then views within
SquirrelMail. (CVE-2007-1262)

SquirrelMail did not sufficiently check arguments to IMG tags in HTML
e-mail messages. An attacker could exploit this to send arbitrary
e-mail messages on behalf of a SquirrelMail user who was tricked into
opening a maliciously crafted HTML e-mail message. (CVE-2007-2589)

SL 3.0.x

  SRPMS:
    squirrelmail-1.4.8-6.el3.src.rpm
  i386:
    squirrelmail-1.4.8-6.el3.noarch.rpm
  x86_64:
    squirrelmail-1.4.8-6.el3.noarch.rpm

SL 4.x

  SRPMS:
    squirrelmail-1.4.8-4.0.1.el4.src.rpm
  i386:
    squirrelmail-1.4.8-4.0.1.el4.noarch.rpm
  x86_64:
    squirrelmail-1.4.8-4.0.1.el4.noarch.rpm

SL 5.x

  SRPMS:
    squirrelmail-1.4.8-4.0.1.el5.src.rpm
  i386:
    squirrelmail-1.4.8-4.0.1.el5.noarch.rpm
  x86_64:
    squirrelmail-1.4.8-4.0.1.el5.noarch.rpm

-Connie Sieh
-Troy Dawson