Oracle alert ELSA-2012-0103 (squirrelmail)

From:
    	     
 
Errata Announcements for Oracle Linux <el-errata@oracle.com> 
To:
    	     
 
el-errata@oss.oracle.com 
Subject:
    	     
 
[El-errata] ELSA-2012-0103 Moderate: Oracle Linux 5 squirrelmail
	security update 
Date:
    	     
 
Thu, 09 Feb 2012 09:04:04 -0800
Message-ID:
    	     
 
<4F33FC84.3020105@oracle.com>
Archive-link:
    	     
 
Article, Thread
              
Oracle Linux Security Advisory ELSA-2012-0103

https://rhn.redhat.com/errata/RHSA-2012-0103.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
squirrelmail-1.4.8-5.0.1.el5_7.13.noarch.rpm

x86_64:
squirrelmail-1.4.8-5.0.1.el5_7.13.noarch.rpm

ia64:
squirrelmail-1.4.8-5.0.1.el5_7.13.noarch.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/squirrelmail-1.4....


Description of changes:

[1.4.8-5.0.1.el5_7.13]
- Remove Redhat splash screen images

[1.4.8-5.13]
- fix typo in CVE-20210-4555 patch

[1.4.8-5.12]
- patch for CVE-2010-2813 was not complete

[1.4.8-5.11]
- fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in
   Mail Fetch plugin
- fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login
   attempts with 8-bit characters in the password
- fix: CVE-2010-4554 : Prone to clickjacking attacks
- fix: CVE-2010-4555 : Multiple XSS flaws
[tag handling]
- fix: CVE-2011-2752 : CRLF injection vulnerability
- fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index 
Order page


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
http://oss.oracle.com/mailman/listinfo/el-errata