[Security Announce] [ MDKSA-2007:106 ] - Updated squirrelmail packages fix vulnerabilities
Posted on: 05/20/2007 01:25 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:106
http://www.mandriva.com/security/
_______________________________________________________________________

Package : squirrelmail
Date : May 19, 2007
Affected: Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A number of HTML filtering bugs were found in SquirrelMail that
could allow an attacker to inject arbitrary JavaScript leading to
cross-site scripting attacks by sending an email viewed by a user
within SquirrelMail (CVE-2007-1262).

As well, SquirrelMail did not sufficiently check arguments to IMG tags
in HTML messages that could be exploited by an attacker by sending
arbitrary email messages on behalf of a SquirrelMail user tricked into
opening a maliciously-crafted HTML email message (CVE-2007-2589).

The packages provided have been updated to correct these
vulnerabilities; Corporate Server 4 has been upgraded to SquirrelMail
1.4.10a and Corporate Server 3 has been patched to protect against
these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2589
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGT0aqmqjQ0CJFipgRAuLwAJ9HafZRRE5r8alqoNNQEjHYtPZb7gCePtDd
IObzuzV4HqWvYhtNatKOeRg=
=QCKi
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007106__updated_squirrelmailpackages_fix_vulnerabilities.html)