-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:226
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : squirrelmail
 Date    : December 11, 2006
 Affected: Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
 script or HTML via the (1) mailto parameter in (a) webmail.php, the
 (2) session and (3) delete_draft parameters in (b) compose.php, and
 (4) unspecified vectors involving "a shortcoming in the magicHTML
 filter."

 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6142
 _______________________________________________________________________

 Updated Packages:

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFfW5wmqjQ0CJFipgRAvoRAJ9tgXJ7SymXjCVfv2XJoMBaPybpbQCeOOZb
DtlfBAINiPFQINRoofLhzLg=
=zXcQ
-----END PGP SIGNATURE-----