Synopsis: Moderate: squirrelmail security update Issue date: 2009-10-08 CVE Names: CVE-2009-2964 CVE-2009-2964 squirrelmail: CSRF issues in all forms Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964) SL 3.0.x SRPMS: squirrelmail-1.4.8-16.el3.src.rpm i386: squirrelmail-1.4.8-16.el3.noarch.rpm x86_64: squirrelmail-1.4.8-16.el3.noarch.rpm SL 4.x SRPMS: squirrelmail-1.4.8-5.el4_8.8.src.rpm i386: squirrelmail-1.4.8-5.el4_8.8.noarch.rpm x86_64: squirrelmail-1.4.8-5.el4_8.8.noarch.rpm SL 5.x SRPMS: squirrelmail-1.4.8-5.el5_4.10.src.rpm i386: squirrelmail-1.4.8-5.el5_4.10.noarch.rpm x86_64: squirrelmail-1.4.8-5.el5_4.10.noarch.rpm -Connie Sieh -Troy Dawson