Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-662-2:ABDC1
HistoryMar 14, 2005 - 2:24 p.m.

[SECURITY] [DSA 662-2] New squirrelmail package fixes regression

2005-03-1414:24:00
lists.debian.org
5
JSON

Debian Security Advisory DSA 662-2 [email protected]
http://www.debian.org/security/ Martin Schulze
March 14th, 2005 http://www.debian.org/security/faq

Package : squirrelmail
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0104 CAN-2005-0152
Debian Bug : 292714 295836

Andrew Archibald discovered that the last update to squirrelmail which
was intended to fix several problems caused a regression which got
exposed when the user hits a session timeout. For completeness below
is the original advisory text:

Several vulnerabilities have been discovered in Squirrelmail, a
commonly used webmail system. The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-0104

  Upstream developers noticed that an unsanitised variable could
  lead to cross site scripting.

CAN-2005-0152

  Grant Hollingworth discovered that under certain circumstances URL
  manipulation could lead to the execution of arbitrary code with
  the privileges of www-data.  This problem only exists in version
  1.2.6 of Squirrelmail.

For the stable distribution (woody) these problems have been fixed in
version 1.2.6-3.

The correction in the unstable distribution (sid) is not affected by
this regression.

We recommend that you upgrade your squirrelmail package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.dsc
  Size/MD5 checksum:      646 1de7e6666fccf9bec33415a8f087aec6
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.diff.gz
  Size/MD5 checksum:    21411 ec0e038ffe18e2035fccac02eb31ba21
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
  Size/MD5 checksum:  1856087 be9e6be1de8d3dd818185d596b41a7f1

Architecture independent components:

http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3_all.deb
  Size/MD5 checksum:  1840798 13cfdb962ff49d27edee7ec6686a8265

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

Related

debian 3
osv 1
openvas 9
nessus 8
cert 1
ubuntucve 2
cve 2
securityvulns 1
redhat 2
gentoo 1
freebsd 1
debian
debian
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
2005-03-14 14:24:00
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
2005-02-01 14:44:23
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
2005-02-01 14:44:23
osv
osv
squirrelmail - several
2005-03-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 662-1 (squirrelmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 662-1 (squirrelmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 662-2 (squirrelmail)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-662-2 : squirrelmail - several vulnerabilities
2005-02-02 00:00:00
Fedora Core 3 : squirrelmail-1.4.4-1.FC3 (2005-260)
2005-09-12 00:00:00
Fedora Core 2 : squirrelmail-1.4.4-1.FC2 (2005-259)
2005-05-19 00:00:00
cert
cert
SquirrelMail may allow execution of arbitrary code
2005-02-09 00:00:00
ubuntucve
ubuntucve
CVE-2005-0104
2005-01-29 00:00:00
CVE-2005-0152
2005-02-02 00:00:00
cve
cve
CVE-2005-0152
2005-02-02 05:00:00
CVE-2005-0104
2005-01-29 05:00:00
securityvulns
securityvulns
SquirrelMail Security Advisory
2005-01-30 00:00:00
redhat
redhat
(RHSA-2005:099) squirrelmail security update
2005-02-15 00:00:00
(RHSA-2005:135) squirrelmail security update
2005-02-10 00:00:00
gentoo
gentoo
SquirrelMail: Multiple vulnerabilities
2005-01-28 00:00:00
freebsd
freebsd
squirrelmail -- XSS and remote code injection vulnerabilities
2005-01-29 00:00:00
JSON
Related for DEBIAN:DSA-662-2:ABDC1
debian3osv1openvas9nessus8cert1ubuntucve2cve2securityvulns1redhat2gentoo1freebsd1