|
|
>> Mandriva Security Update Fixes SquirrelMail Cross Site Scripting and Security Bypass
|
Title : Mandriva Security Update Fixes SquirrelMail Cross Site Scripting and Security Bypass
VUPEN ID : VUPEN/ADV-2006-3381
CVE ID : CVE-2006-3174 - CVE-2006-4019
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-25
|
Mandriva has released updated packages to address multiple vulnerabilities identified in SquirrelMail. These flaws could be exploited by attackers to bypass security restrictions or execute arbitrary scripting code. For additional information, see : VUPEN/ADV-2006-3271
Affected Products
Corporate 3.0
Solution
Upgrade the affected packages :
Corporate 3.0:
06470a6a27239654feffdec4586b464f corporate/3.0/RPMS/squirrelmail-1.4.5-1.4.C30mdk.noarch.rpm
5d3b85ad3d7797f72a234e5608ec5500 corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.4.C30mdk.noarch.rpm
0ce03cf1cd50e51f8c1658878abbb1f3 corporate/3.0/SRPMS/squirrelmail-1.4.5-1.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
f5f5bddbabeebc495cda7fdb4e0a990e x86_64/corporate/3.0/RPMS/squirrelmail-1.4.5-1.4.C30mdk.noarch.rpm
696d2c1669024ddf4ed11b3b2ec1cc42 x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.4.C30mdk.noarch.rpm
0ce03cf1cd50e51f8c1658878abbb1f3 x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.5-1.4.C30mdk.src.rpm
References
http://www.vupen.com/english/advisories/2006/3381
http://archives.mandrivalinux.com/security-announce/2006-08/msg00014.php
ChangeLog
2006-08-25 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
