Description
ELSA-2012-0103: squirrelmail security update (MODERATE)
[1.4.8-5.0.1.el5_7.13]
- Remove Redhat splash screen images
[1.4.8-5.13]
- fix typo in CVE-2010-4555 patch
[1.4.8-5.12]
- patch for CVE-2010-2813 was not complete
[1.4.8-5.11]
- fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in Mail Fetch plugin
- fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password
- fix: CVE-2010-4554 : Prone to clickjacking attacks
- fix: CVE-2010-4555 : Multiple XSS flaws [tag handling]
- fix: CVE-2011-2752 : CRLF injection vulnerability
- fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index Order page
Updated packages
Oracle Linux 5
Oracle Linux ia64: squirrelmail 1.4.8-5.0.1.el5_7.13
Oracle Linux x86_64: squirrelmail 1.4.8-5.0.1.el5_7.13
Oracle Linux i386: squirrelmail 1.4.8-5.0.1.el5_7.13
References
Related vulnerabilities
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.