
Security vulnerabilities in the squirrelmail software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

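--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-ad02f64a79
2019-08-15 18:07:56.659694
--------------------------------------------------------------------------------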

Name : squirrelmail
Product : Fedora 30
Version : 1.4.23
Release : 1.fc30.20190710
URL : http://www.squirrelmail.org/
Summary : webmail client written in php
Description :
SquirrelMail is a basic webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no JavaScript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install.

--------------------------------------------------------------------------------
Update Information:

updated to 1.4 branch snapshot containing several security fixes
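--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.4.23-1.20190710
- squirrelmail updated to newer snapshot
--------------------------------------------------------------------------------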
References:

[ 1 ] Bug #1616100 - CVE-2018-14955 squirrelmail: persistent XSS in message display via SVG animations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616100
[ 2 ] Bug #1616097 - CVE-2018-14954 squirrelmail: persistent XSS in message display the formaction attribute [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616097
[ 3 ] Bug #1616094 - CVE-2018-14953 squirrelmail: persistent XSS in message display via a "<math xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616094
[ 4 ] Bug #1616090 - CVE-2018-14952 squirrelmail: persistent XSS in message display via a "<math><maction xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616090
[ 5 ] Bug #1616087 - CVE-2018-14951 squirrelmail: persistent XSS in message display via a "<form action='data:text" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616087
[ 6 ] Bug #1616084 - CVE-2018-14950 squirrelmail: persistent XSS in message display via a "<svg><a xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616084
[ 7 ] Bug #1560341 - CVE-2018-8741 SquirrelMail: Directory traversal flaw in Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560341
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-ad02f64a79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Author: Toni Vugdelija
Cert ID: NCERT-REF-2019-08-0001-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe