Home / vulnerabilities MDKSA-2006-226.txt
Posted on 12 December 2006
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:226
http://www.mandriva.com/security/
_______________________________________________________________________
Package : squirrelmail
Date : December 11, 2006
Affected: Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
script or HTML via the (1) mailto parameter in (a) webmail.php, the (2)
session and (3) delete_draft parameters in (b) compose.php, and (4)
unspecified vectors involving "a shortcoming in the magicHTML filter."
Updated packages are patched to address these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6142
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
fdd1baf652c58196f2b538b389bec65f corporate/3.0/i586/squirrelmail-1.4.5-1.5.C30mdk.noarch.rpm
89d39b6fc6a73d84feeb9f3deb458d0a corporate/3.0/i586/squirrelmail-poutils-1.4.5-1.5.C30mdk.noarch.rpm
d4de921727ae29bba7221a3e93d487bc corporate/3.0/SRPMS/squirrelmail-1.4.5-1.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
ba27570deb04e7ff3400a280bbe75d52 corporate/3.0/x86_64/squirrelmail-1.4.5-1.5.C30mdk.noarch.rpm
276acc4e766908c326321cd214abd341 corporate/3.0/x86_64/squirrelmail-poutils-1.4.5-1.5.C30mdk.noarch.rpm
d4de921727ae29bba7221a3e93d487bc corporate/3.0/SRPMS/squirrelmail-1.4.5-1.5.C30mdk.src.rpm
Corporate 4.0:
9503ad05873246568977df58ddc01e96 corporate/4.0/i586/squirrelmail-1.4.8-3.1.20060mlcs4.noarch.rpm
15d7cc5cf7b4f377c989dbfdfde9bc3a corporate/4.0/i586/squirrelmail-ar-1.4.8-3.1.20060mlcs4.noarch.rpm
cbb2b592b960ee18160b0545bd01b11b corporate/4.0/i586/squirrelmail-bg-1.4.8-3.1.20060mlcs4.noarch.rpm
823a98906ea456700be9f9301c03d3ca corporate/4.0/i586/squirrelmail-bn-1.4.8-3.1.20060mlcs4.noarch.rpm
da53ecb3b61aacb38d9091416be2ad56 corporate/4.0/i586/squirrelmail-ca-1.4.8-3.1.20060mlcs4.noarch.rpm
a678e3d9380e1ab15f7232f64a4eb968 corporate/4.0/i586/squirrelmail-cs-1.4.8-3.1.20060mlcs4.noarch.rpm
f8b349923a77d8b844aa8ec86a63271d corporate/4.0/i586/squirrelmail-cy-1.4.8-3.1.20060mlcs4.noarch.rpm
276bd5cfb76328244e1359e5026b5d6b corporate/4.0/i586/squirrelmail-cyrus-1.4.8-3.1.20060mlcs4.noarch.rpm
39a5d34d477eb4ebe60e3a70c67f52e5 corporate/4.0/i586/squirrelmail-da-1.4.8-3.1.20060mlcs4.noarch.rpm
993a2c910c67f3c91723c2d4a0813f9c corporate/4.0/i586/squirrelmail-de-1.4.8-3.1.20060mlcs4.noarch.rpm
06f4e571aba0928134506bd2a9198932 corporate/4.0/i586/squirrelmail-el-1.4.8-3.1.20060mlcs4.noarch.rpm
63ec92841ad90c70dae9d64e72c82662 corporate/4.0/i586/squirrelmail-en-1.4.8-3.1.20060mlcs4.noarch.rpm
d8e5a906d6e759ae19ff100690ec5e63 corporate/4.0/i586/squirrelmail-es-1.4.8-3.1.20060mlcs4.noarch.rpm
385f47aa4d9812a0a7d75a9db33b18b9 corporate/4.0/i586/squirrelmail-et-1.4.8-3.1.20060mlcs4.noarch.rpm
39fe314ed16fda2f4d342dc7f45271a4 corporate/4.0/i586/squirrelmail-eu-1.4.8-3.1.20060mlcs4.noarch.rpm
2959c6d41637880844da2a4b928ab3ea corporate/4.0/i586/squirrelmail-fa-1.4.8-3.1.20060mlcs4.noarch.rpm
0f26c752ebe55b741da49ffc8e7df910 corporate/4.0/i586/squirrelmail-fi-1.4.8-3.1.20060mlcs4.noarch.rpm
fb53b2054f25f65f75529a4500adb05e corporate/4.0/i586/squirrelmail-fo-1.4.8-3.1.20060mlcs4.noarch.rpm
52204b63d7536a948aefe250b075ab4b corporate/4.0/i586/squirrelmail-fr-1.4.8-3.1.20060mlcs4.noarch.rpm
c877a11c38c60fa0664b425190d73e6b corporate/4.0/i586/squirrelmail-he-1.4.8-3.1.20060mlcs4.noarch.rpm
59aac3b1912c3da62b3b721361db620b corporate/4.0/i586/squirrelmail-hr-1.4.8-3.1.20060mlcs4.noarch.rpm
91fa54fde44d76216b3195a6e6e7f1a4 corporate/4.0/i586/squirrelmail-hu-1.4.8-3.1.20060mlcs4.noarch.rpm
8ad5805c6e351ae6fa6fbb53b13cb4de corporate/4.0/i586/squirrelmail-id-1.4.8-3.1.20060mlcs4.noarch.rpm
af76a96cd2f1376eae5c1bf2f3d1f65b corporate/4.0/i586/squirrelmail-is-1.4.8-3.1.20060mlcs4.noarch.rpm
7b1f3d4cdcf063b1e8b5f308e217e554 corporate/4.0/i586/squirrelmail-it-1.4.8-3.1.20060mlcs4.noarch.rpm
bc1f13031e7155bca253f5835ae0c90c corporate/4.0/i586/squirrelmail-ja-1.4.8-3.1.20060mlcs4.noarch.rpm
a4f516f21f2036e89484dafe9d3d1a6c corporate/4.0/i586/squirrelmail-ka-1.4.8-3.1.20060mlcs4.noarch.rpm
0e9b7214f5ce67f1a7b55d0bd196d814 corporate/4.0/i586/squirrelmail-ko-1.4.8-3.1.20060mlcs4.noarch.rpm
35a4bc3bf9161ffc3d10c5e4aed52877 corporate/4.0/i586/squirrelmail-lt-1.4.8-3.1.20060mlcs4.noarch.rpm
75b9963fa101cb2c71831ce4dd4e7f33 corporate/4.0/i586/squirrelmail-ms-1.4.8-3.1.20060mlcs4.noarch.rpm
ef4f24c8f94cb9e6384a35a556de256e corporate/4.0/i586/squirrelmail-nb-1.4.8-3.1.20060mlcs4.noarch.rpm
4d2b35b6527db41eec54c917dd44ba01 corporate/4.0/i586/squirrelmail-nl-1.4.8-3.1.20060mlcs4.noarch.rpm
5db7bfef8a1ccfd7b2e5d57ca119a7e0 corporate/4.0/i586/squirrelmail-nn-1.4.8-3.1.20060mlcs4.noarch.rpm
afe1da824ed5c25db8046b4ddc2389d8 corporate/4.0/i586/squirrelmail-pl-1.4.8-3.1.20060mlcs4.noarch.rpm
b22b1fbf3a474983d017a164d737bba9 corporate/4.0/i586/squirrelmail-poutils-1.4.8-3.1.20060mlcs4.noarch.rpm
9ca9b100b0649843e2f17ef33c69a3a2 corporate/4.0/i586/squirrelmail-pt-1.4.8-3.1.20060mlcs4.noarch.rpm
780fff6991d9116971c35ec2fa378d90 corporate/4.0/i586/squirrelmail-ro-1.4.8-3.1.20060mlcs4.noarch.rpm
99cad9c5a0c26db2c6698f1a9b6ed804 corporate/4.0/i586/squirrelmail-ru-1.4.8-3.1.20060mlcs4.noarch.rpm
e074101cbddda0086eb8628528218abd corporate/4.0/i586/squirrelmail-sk-1.4.8-3.1.20060mlcs4.noarch.rpm
9c856a8fa088e9e5e8dc28a7c087b4d2 corporate/4.0/i586/squirrelmail-sl-1.4.8-3.1.20060mlcs4.noarch.rpm
9e8d04ac9b1c7c089055572e486fffa8 corporate/4.0/i586/squirrelmail-sr-1.4.8-3.1.20060mlcs4.noarch.rpm
ee4c5f91c8065ff407aea103bb20e024 corporate/4.0/i586/squirrelmail-sv-1.4.8-3.1.20060mlcs4.noarch.rpm
93267f0d3add91d9fa71e2f1680a89f3 corporate/4.0/i586/squirrelmail-th-1.4.8-3.1.20060mlcs4.noarch.rpm
8614c64008b94ad139fdd3336421c920 corporate/4.0/i586/squirrelmail-tl-1.4.8-3.1.20060mlcs4.noarch.rpm
4a6fbf0245470d9fcf5072ae77ac4eef corporate/4.0/i586/squirrelmail-tr-1.4.8-3.1.20060mlcs4.noarch.rpm
3f2f133c3d0cacecadefc7648aae6c0d corporate/4.0/i586/squirrelmail-ug-1.4.8-3.1.20060mlcs4.noarch.rpm
2b836169ca514af3ded1383d027cd170 corporate/4.0/i586/squirrelmail-uk-1.4.8-3.1.20060mlcs4.noarch.rpm
46390f41d8942b9ca14c5cc81898a00f corporate/4.0/i586/squirrelmail-vi-1.4.8-3.1.20060mlcs4.noarch.rpm
930c18bdca20d0b1a65728b255a71f96 corporate/4.0/i586/squirrelmail-zh_CN-1.4.8-3.1.20060mlcs4.noarch.rpm
5dc8559e99284aff1e482457a0d1ed3d corporate/4.0/i586/squirrelmail-zh_TW-1.4.8-3.1.20060mlcs4.noarch.rpm
b134bb2e680863641a457b9478b59390 corporate/4.0/SRPMS/squirrelmail-1.4.8-3.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
c2b0dd3acf47652ac205c2e0b3be24a9 corporate/4.0/x86_64/squirrelmail-1.4.8-3.1.20060mlcs4.noarch.rpm
0820ee17a848c6acc42444df660f9ac3 corporate/4.0/x86_64/squirrelmail-ar-1.4.8-3.1.20060mlcs4.noarch.rpm
f372ff44ac3ac7ea668b57607897f694 corporate/4.0/x86_64/squirrelmail-bg-1.4.8-3.1.20060mlcs4.noarch.rpm
a5bd987ea5051a5f3e81af1461a832ed corporate/4.0/x86_64/squirrelmail-bn-1.4.8-3.1.20060mlcs4.noarch.rpm
7be52eb4a430b2468d658edc54ea046f corporate/4.0/x86_64/squirrelmail-ca-1.4.8-3.1.20060mlcs4.noarch.rpm
c84b32819f87050a562b045b0c48e53e corporate/4.0/x86_64/squirrelmail-cs-1.4.8-3.1.20060mlcs4.noarch.rpm
83cc2f2456de5579301ad5c0e4c120be corporate/4.0/x86_64/squirrelmail-cy-1.4.8-3.1.20060mlcs4.noarch.rpm
de4aa16075840a7b7e07f1fe78ba93cb corporate/4.0/x86_64/squirrelmail-cyrus-1.4.8-3.1.20060mlcs4.noarch.rpm
a43d22f7c65980cfed004909bbb30eab corporate/4.0/x86_64/squirrelmail-da-1.4.8-3.1.20060mlcs4.noarch.rpm
2358f02f874cce70b2c3981f56cbbf32 corporate/4.0/x86_64/squirrelmail-de-1.4.8-3.1.20060mlcs4.noarch.rpm
eabb1921968805c7cbf22798fcebc7af corporate/4.0/x86_64/squirrelmail-el-1.4.8-3.1.20060mlcs4.noarch.rpm
a43fb652af55cadf50258136fdeb2d74 corporate/4.0/x86_64/squirrelmail-en-1.4.8-3.1.20060mlcs4.noarch.rpm
4500d031b892b441f433746336c7dcf0 corporate/4.0/x86_64/squirrelmail-es-1.4.8-3.1.20060mlcs4.noarch.rpm
58cb4546b05efac31f3a64e1014095ee corporate/4.0/x86_64/squirrelmail-et-1.4.8-3.1.20060mlcs4.noarch.rpm
dcf6ae26d69ade7fc454625046129360 corporate/4.0/x86_64/squirrelmail-eu-1.4.8-3.1.20060mlcs4.noarch.rpm
ef5cf4b334635291e9a510bb9ed794eb corporate/4.0/x86_64/squirrelmail-fa-1.4.8-3.1.20060mlcs4.noarch.rpm
40b9915e723a0f573f1572cffaf03bf4 corporate/4.0/x86_64/squirrelmail-fi-1.4.8-3.1.20060mlcs4.noarch.rpm
0bfa396c60e5cf6a47229f69c9b337a1 corporate/4.0/x86_64/squirrelmail-fo-1.4.8-3.1.20060mlcs4.noarch.rpm
bea0e3c16887a984a6f8fd7084d27db6 corporate/4.0/x86_64/squirrelmail-fr-1.4.8-3.1.20060mlcs4.noarch.rpm
43059bc5bc5c91e5414946b34eda580c corporate/4.0/x86_64/squirrelmail-he-1.4.8-3.1.20060mlcs4.noarch.rpm
dba3a65e08dd093bd9f6865f403aca06 corporate/4.0/x86_64/squirrelmail-hr-1.4.8-3.1.20060mlcs4.noarch.rpm
a97490f955480bb90321b5a96653f228 corporate/4.0/x86_64/squirrelmail-hu-1.4.8-3.1.20060mlcs4.noarch.rpm
0211d99cc8a5ed9385f3d0a59f8a5f1b corporate/4.0/x86_64/squirrelmail-id-1.4.8-3.1.20060mlcs4.noarch.rpm
6db9f5d3699dc30d5abf17bbf3367161 corporate/4.0/x86_64/squirrelmail-is-1.4.8-3.1.20060mlcs4.noarch.rpm
53029ee9fc829a6b4c20007fc8e15d99 corporate/4.0/x86_64/squirrelmail-it-1.4.8-3.1.20060mlcs4.noarch.rpm
1e7fbb15fe44df99d88732a11765c460 corporate/4.0/x86_64/squirrelmail-ja-1.4.8-3.1.20060mlcs4.noarch.rpm
f65f1c05de5b647f503e7e1b203171d7 corporate/4.0/x86_64/squirrelmail-ka-1.4.8-3.1.20060mlcs4.noarch.rpm
fe1d25b5ad531f90cf05af7c293a645f corporate/4.0/x86_64/squirrelmail-ko-1.4.8-3.1.20060mlcs4.noarch.rpm
144bfe711e3effd39cfc6e410ca9af0d corporate/4.0/x86_64/squirrelmail-lt-1.4.8-3.1.20060mlcs4.noarch.rpm
91d2336ef151704e2e7695d7637a989f corporate/4.0/x86_64/squirrelmail-ms-1.4.8-3.1.20060mlcs4.noarch.rpm
6c450896ce137fd1220658857e7fa7ee corporate/4.0/x86_64/squirrelmail-nb-1.4.8-3.1.20060mlcs4.noarch.rpm
f6c1404ec21d6bc6ddba5a720fe7d2ef corporate/4.0/x86_64/squirrelmail-nl-1.4.8-3.1.20060mlcs4.noarch.rpm
5c289717bc9518ba1133d6e91b5e5a77 corporate/4.0/x86_64/squirrelmail-nn-1.4.8-3.1.20060mlcs4.noarch.rpm
f459bf2f55c0733d63ce96eb365b9d22 corporate/4.0/x86_64/squirrelmail-pl-1.4.8-3.1.20060mlcs4.noarch.rpm
e0a44506bb0f05f0443155b0faf19443 corporate/4.0/x86_64/squirrelmail-poutils-1.4.8-3.1.20060mlcs4.noarch.rpm
6f0b27637a7208b118bb7b9e06b477dd corporate/4.0/x86_64/squirrelmail-pt-1.4.8-3.1.20060mlcs4.noarch.rpm
9bfcb50cecb0ab7e32bd768b03692a0a corporate/4.0/x86_64/squirrelmail-ro-1.4.8-3.1.20060mlcs4.noarch.rpm
d8093092134cc585726dd979efb4b651 corporate/4.0/x86_64/squirrelmail-ru-1.4.8-3.1.20060mlcs4.noarch.rpm
1c374b54c33289b2dcb0b237b3f133f5 corporate/4.0/x86_64/squirrelmail-sk-1.4.8-3.1.20060mlcs4.noarch.rpm
bc93e042ec8afc9c72dda75f31099b49 corporate/4.0/x86_64/squirrelmail-sl-1.4.8-3.1.20060mlcs4.noarch.rpm
6e0c7da453b631024cbbeb7e12e7ba5c corporate/4.0/x86_64/squirrelmail-sr-1.4.8-3.1.20060mlcs4.noarch.rpm
aa294e3ad85a698dd3c34777d4da7903 corporate/4.0/x86_64/squirrelmail-sv-1.4.8-3.1.20060mlcs4.noarch.rpm
e603484d002b57e8a021ac28de0b3179 corporate/4.0/x86_64/squirrelmail-th-1.4.8-3.1.20060mlcs4.noarch.rpm
c5f7e2607f8b5113af875c53628cbc19 corporate/4.0/x86_64/squirrelmail-tl-1.4.8-3.1.20060mlcs4.noarch.rpm
7182b852259c4be5e537418ec5b2305a corporate/4.0/x86_64/squirrelmail-tr-1.4.8-3.1.20060mlcs4.noarch.rpm
56a78e1547cab2d3b7efcccb35d7b010 corporate/4.0/x86_64/squirrelmail-ug-1.4.8-3.1.20060mlcs4.noarch.rpm
abe4dbdd1dad7b5adb246195f1e0178b corporate/4.0/x86_64/squirrelmail-uk-1.4.8-3.1.20060mlcs4.noarch.rpm
e871bd1da833d961cd62eba52a383354 corporate/4.0/x86_64/squirrelmail-vi-1.4.8-3.1.20060mlcs4.noarch.rpm
508e5df69a92f5759545e7279f5d729b corporate/4.0/x86_64/squirrelmail-zh_CN-1.4.8-3.1.20060mlcs4.noarch.rpm
ec8c34458856e9b6aaefcdd5453dcb5e corporate/4.0/x86_64/squirrelmail-zh_TW-1.4.8-3.1.20060mlcs4.noarch.rpm
b134bb2e680863641a457b9478b59390 corporate/4.0/SRPMS/squirrelmail-1.4.8-3.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFfW5wmqjQ0CJFipgRAvoRAJ9tgXJ7SymXjCVfv2XJoMBaPybpbQCeOOZb
DtlfBAINiPFQINRoofLhzLg=
=zXcQ
-----END PGP SIGNATURE-----