[El-errata] ELSA-2009-0010 Moderate: Enterprise Linux 5 squirrelmail security update
Errata Announcements for Enterprise Linux
el-errata at oss.oracle.com
Mon Jan 12 17:24:06 PST 2009
Enterprise Linux Security Advisory ELSA-2009-0010
https://rhn.redhat.com/errata/RHSA-2009-0010.html
The following updated rpms for Enterprise Linux 5 have been uploaded to
the Unbreakable Linux Network:
i386:
squirrelmail-1.4.8-5.0.1.el5_2.2.noarch.rpm
x86_64:
squirrelmail-1.4.8-5.0.1.el5_2.2.noarch.rpm
SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/squirrelmail-1.4.8-5.0.1.el5_2.2.src.rpm
Description of changes:
[1.4.8-5.0.1.el5_2.2]
- Remove Redhat splash screen images
[1.4.8-5.2]
- Resolves: CVE-2008-2379
- fix XSS issue caused by an insufficient html mail sanitation
[1.4.8-5.1]
- don't transmit cookies under non-SSL connections if the session
is started under an SSL (https) connection
- Resolves: CVE-2008-3663, #468398
- fix release number with respect to Z-stream nvr policy
More information about the El-errata
mailing list