Description
ELSA-2009-0010: squirrelmail security update (MODERATE)
[1.4.8-5.0.1.el5_2.2]
- Remove Redhat splash screen images
[1.4.8-5.2]
- Resolves: CVE-2008-2379
- fix XSS issue caused by an insufficient html mail sanitation
[1.4.8-5.1]
- don't transmit cookies under non-SSL connections if the session is started under an SSL (https) connection
- Resolves: CVE-2008-3663, #468398
- fix release number with respect to Z-stream nvr policy
Updated packages
Oracle Linux 5
Oracle Linux x86_64: squirrelmail 1.4.8-5.0.1.el5_2.2
Oracle Linux i386: squirrelmail 1.4.8-5.0.1.el5_2.2
Related CVEs
Related vulnerabilities
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.