[El-errata] ELSA-2012-0103 Moderate: Oracle Linux 5 squirrelmail security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 9 09:04:04 PST 2012


Oracle Linux Security Advisory ELSA-2012-0103

https://rhn.redhat.com/errata/RHSA-2012-0103.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
squirrelmail-1.4.8-5.0.1.el5_7.13.noarch.rpm

x86_64:
squirrelmail-1.4.8-5.0.1.el5_7.13.noarch.rpm

ia64:
squirrelmail-1.4.8-5.0.1.el5_7.13.noarch.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/squirrelmail-1.4.8-5.0.1.el5_7.13.src.rpm


Description of changes:

[1.4.8-5.0.1.el5_7.13]
- Remove Redhat splash screen images

[1.4.8-5.13]
- fix typo in CVE-20210-4555 patch

[1.4.8-5.12]
- patch for CVE-2010-2813 was not complete

[1.4.8-5.11]
- fix: CVE-2010-1637 : Port-scans via non-standard POP3 server ports in
   Mail Fetch plugin
- fix: CVE-2010-2813 : DoS (disk space consumption) by random IMAP login
   attempts with 8-bit characters in the password
- fix: CVE-2010-4554 : Prone to clickjacking attacks
- fix: CVE-2010-4555 : Multiple XSS flaws
[tag handling]
- fix: CVE-2011-2752 : CRLF injection vulnerability
- fix: CVE-2011-2753 : CSRF in the empty trash feature and in Index 
Order page





More information about the El-errata mailing list