[El-errata] ELSA-2009-0010 Moderate: Enterprise Linux 4 squirrelmail security update

Errata Announcements for Enterprise Linux el-errata at oss.oracle.com
Mon Jan 12 17:24:42 PST 2009


Enterprise Linux Security Advisory ELSA-2009-0010

https://rhn.redhat.com/errata/RHSA-2009-0010.html

The following updated rpms for Enterprise Linux 4 have been uploaded to 
the Unbreakable Linux Network:

i386:
squirrelmail-1.4.8-5.0.1.el4_7.2.noarch.rpm

x86_64:
squirrelmail-1.4.8-5.0.1.el4_7.2.noarch.rpm

ia64:
squirrelmail-1.4.8-5.0.1.el4_7.2.noarch.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/squirrelmail-1.4.8-5.0.1.el4_7.2.src.rpm


Description of changes:

[1.4.8-5.0.1.el4_7.2]
- Remove Redhat splash screen banners

[1.4.8-5.2]
- Resolves: CVE-2008-2379
- fix XSS issue caused by an insufficient html mail sanitation

[1.4.8-5.1]
- don't transmit cookies under non-SSL connections if the session
  is started under an SSL (https) connection
- Resolves: CVE-2008-3663
- fix release number with respect to Z-stream nvr policy





More information about the El-errata mailing list