logo
DATABASE RESOURCES PRICING ABOUT US

squirrelmail security update

Description

**CentOS Errata and Security Advisory** CESA-2009:1490 SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964) Users of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues. **Merged security bulletin from advisories:** https://lists.centos.org/pipermail/centos-announce/2009-October/053100.html https://lists.centos.org/pipermail/centos-announce/2009-October/053101.html https://lists.centos.org/pipermail/centos-announce/2009-October/053104.html https://lists.centos.org/pipermail/centos-announce/2009-October/053105.html **Affected packages:** squirrelmail **Upstream details at:** https://access.redhat.com/errata/RHSA-2009:1490


Affected Package


OS OS Version Package Name Package Version
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 3 squirrelmail 1.4.8-16.el3.centos.1
CentOS 4 squirrelmail 1.4.8-5.el4_8.8
CentOS 4 squirrelmail 1.4.8-5.el4_8.8
CentOS 4 squirrelmail 1.4.8-5.el4_8.8
CentOS 4 squirrelmail 1.4.8-5.el4_8.8
CentOS 4 squirrelmail 1.4.8-5.el4_8.8
CentOS 4 squirrelmail 1.4.8-5.el4_8.8
CentOS 4 squirrelmail 1.4.8-5.el4_8.8
CentOS 4 squirrelmail 1.4.8-5.el4_8.8

Related