[El-errata] ELSA-2012-0103 Moderate: Oracle Linux 4 squirrelmail security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 9 09:03:56 PST 2012


Oracle Linux Security Advisory ELSA-2012-0103

https://rhn.redhat.com/errata/RHSA-2012-0103.html

The following updated rpms for Oracle Linux 4 have been uploaded to the 
Unbreakable Linux Network:

i386:
squirrelmail-1.4.8-18.0.1.el4.noarch.rpm

x86_64:
squirrelmail-1.4.8-18.0.1.el4.noarch.rpm

ia64:
squirrelmail-1.4.8-18.0.1.el4.noarch.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/squirrelmail-1.4.8-18.0.1.el4.src.rpm


Description of changes:

[1.4.8-18.0.1.el4]
- Remove Redhat splash screen banners

[1.4.8-18]
- fix typo in CVE-2010-4555 patch

[1.4.8-17]
- patch for CVE-2010-2813 was not complete

[1.4.8-16]
- skip already used release numbers

[1.4.8-6]
- fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in
   Mail Fetch plugin
- fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login
   attempts with 8-bit characters in the password
- fix: CVE-2010-4554 : Prone to clickjacking attacks
- fix: CVE-2010-4555 : Multiple XSS flaws
   [tag handling]
- fix: CVE-2011-2752 : CRLF injection vulnerability
- fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index
   Order page




