(RHSA-2007:0358) Moderate: squirrelmail security update

2007-05-1700:00:00

access.redhat.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

SquirrelMail is a standards-based webmail package written in PHP4.

Several HTML filtering bugs were discovered in SquirrelMail. An attacker
could inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail.
(CVE-2007-1262)

Squirrelmail did not sufficiently check arguments to IMG tags in HTML
e-mail messages. This could be exploited by an attacker by sending
arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening
a maliciously crafted HTML e-mail message. (CVE-2007-2589)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat3noarchsquirrelmail< 1.4.8-6.el3squirrelmail-1.4.8-6.el3.noarch.rpm
RedHat5srcsquirrelmail< 1.4.8-4.0.1.el5squirrelmail-1.4.8-4.0.1.el5.src.rpm
RedHat5noarchsquirrelmail< 1.4.8-4.0.1.el5squirrelmail-1.4.8-4.0.1.el5.noarch.rpm
RedHat4srcsquirrelmail< 1.4.8-4.0.1.el4squirrelmail-1.4.8-4.0.1.el4.src.rpm
RedHat4noarchsquirrelmail< 1.4.8-4.0.1.el4squirrelmail-1.4.8-4.0.1.el4.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	3	noarch	squirrelmail	< 1.4.8-6.el3	squirrelmail-1.4.8-6.el3.noarch.rpm
RedHat	5	src	squirrelmail	< 1.4.8-4.0.1.el5	squirrelmail-1.4.8-4.0.1.el5.src.rpm
RedHat	5	noarch	squirrelmail	< 1.4.8-4.0.1.el5	squirrelmail-1.4.8-4.0.1.el5.noarch.rpm
RedHat	4	src	squirrelmail	< 1.4.8-4.0.1.el4	squirrelmail-1.4.8-4.0.1.el4.src.rpm
RedHat	4	noarch	squirrelmail	< 1.4.8-4.0.1.el4	squirrelmail-1.4.8-4.0.1.el4.noarch.rpm