User: Password:
Subscribe / Log in / New account

Yellow Dog alert YDU-20030602-2 (squirrelmail)

From:  security <>
Subject:  Yellow Dog Linux Security Advisory: YDU-20030602-2
Date:  Tue, 03 Jun 2003 15:04:34 -0600

Yellow Dog Linux Security Announcement -------------------------------------- Package: squirrelmail Issue Date: Jun 02,2003 Priority: medium Advisory ID: YDU-20030602-2 1. Topic: Updated squirrelmail packages are available. 2. Problem: "SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities have been found which affect versions of SquirrelMail shipped with Red Hat Linux 8.0 and Red Hat Linux 9. Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and earlier allow remote attackers to execute script as other Web users via mailbox displays, message displays, or search results displays. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2003-0160 to these issues. All users are advised to upgrade to these errata packages containing SquirrelMail version 1.2.11, which is not vulnerable to these issues." (From Red Hat Advisory) 3. Solution: a) Updating via apt... We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: apt-get update apt-get install squirrelmail b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] Yellow Dog Linux 3.0 ppc/squirrelmail-1.2.11-1.noarch.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- [Yellow Dog Linux 3.0] ffc1ebdb9290f8155edd26d609281143 SRPMS/squirrelmail-1.2.11-1.src.rpm 0862041c9681b723b3c0dc2e755f73be ppc/squirrelmail-1.2.11-1.noarch.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum <filename> 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See for more information. For information regarding the usage of apt-get, see: _______________________________________________ yellowdog-updates mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds