[El-errata] ELSA-2009-0010 Moderate: Enterprise Linux 5 squirrelmail security update

Errata Announcements for Enterprise Linux el-errata at oss.oracle.com
Mon Jan 12 17:24:06 PST 2009


Enterprise Linux Security Advisory ELSA-2009-0010

https://rhn.redhat.com/errata/RHSA-2009-0010.html

The following updated rpms for Enterprise Linux 5 have been uploaded to 
the Unbreakable Linux Network:

i386:
squirrelmail-1.4.8-5.0.1.el5_2.2.noarch.rpm

x86_64:
squirrelmail-1.4.8-5.0.1.el5_2.2.noarch.rpm


SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/squirrelmail-1.4.8-5.0.1.el5_2.2.src.rpm


Description of changes:

[1.4.8-5.0.1.el5_2.2]
- Remove Redhat splash screen images

[1.4.8-5.2]
- Resolves: CVE-2008-2379
- fix XSS issue caused by an insufficient html mail sanitation

[1.4.8-5.1]
- don't transmit cookies under non-SSL connections if the session
  is started under an SSL (https) connection
- Resolves: CVE-2008-3663, #468398
- fix release number with respect to Z-stream nvr policy




More information about the El-errata mailing list