ELSA-2009-0010

ELSA-2009-0010 - squirrelmail security update

Type:SECURITY
Severity:MODERATE
Release Date:2009-01-12

Description



[1.4.8-5.0.1.el5_2.2]
- Remove Redhat splash screen images

[1.4.8-5.2]
- Resolves: CVE-2008-2379
- fix XSS issue caused by an insufficient html mail sanitation

[1.4.8-5.1]
- don't transmit cookies under non-SSL connections if the session
is started under an SSL (https) connection
- Resolves: CVE-2008-3663, #468398
- fix release number with respect to Z-stream nvr policy


Related CVEs


CVE-2008-2379
CVE-2008-3663

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 3 (i386) squirrelmail-1.4.8-8.0.1.el3.src.rpme5bb430e1163f9c2c86f33f1dc315bcbELSA-2009-1490
squirrelmail-1.4.8-8.0.1.el3.noarch.rpm6cbfbe1ee47008ac467dfaea734a8116ELSA-2009-1490
Oracle Linux 3 (x86_64) squirrelmail-1.4.8-8.0.1.el3.src.rpme5bb430e1163f9c2c86f33f1dc315bcbELSA-2009-1490
squirrelmail-1.4.8-8.0.1.el3.noarch.rpm6cbfbe1ee47008ac467dfaea734a8116ELSA-2009-1490
Oracle Linux 4 (i386) squirrelmail-1.4.8-5.0.1.el4_7.2.src.rpm955b242aeac1ed8f6264ec2faac5498eELSA-2012-0103
squirrelmail-1.4.8-5.0.1.el4_7.2.noarch.rpmc0c09cb99455bf7a8a38f568c78c1997ELSA-2012-0103
Oracle Linux 4 (ia64) squirrelmail-1.4.8-5.0.1.el4_7.2.src.rpm955b242aeac1ed8f6264ec2faac5498eELSA-2012-0103
squirrelmail-1.4.8-5.0.1.el4_7.2.noarch.rpmc0c09cb99455bf7a8a38f568c78c1997ELSA-2012-0103
Oracle Linux 4 (x86_64) squirrelmail-1.4.8-5.0.1.el4_7.2.src.rpm955b242aeac1ed8f6264ec2faac5498eELSA-2012-0103
squirrelmail-1.4.8-5.0.1.el4_7.2.noarch.rpmc0c09cb99455bf7a8a38f568c78c1997ELSA-2012-0103
Oracle Linux 5 (i386) squirrelmail-1.4.8-5.0.1.el5_2.2.src.rpm9d089a39d251ef0dde660589b9ef8b82ELSA-2013-0126
squirrelmail-1.4.8-5.0.1.el5_2.2.noarch.rpmaa33c2e0425f6f79c667bcbc92c9dd09ELSA-2013-0126
Oracle Linux 5 (x86_64) squirrelmail-1.4.8-5.0.1.el5_2.2.src.rpm9d089a39d251ef0dde660589b9ef8b82ELSA-2013-0126
squirrelmail-1.4.8-5.0.1.el5_2.2.noarch.rpmaa33c2e0425f6f79c667bcbc92c9dd09ELSA-2013-0126



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete