Paketname
squirrelmail
Datum
2009-06-23
Advisory ID
MDVSA-2009:122
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

A vulnerability has been identified and corrected in squirrelmail:

The map_yp_alias function in functions/imap_general.php in SquirrelMail
before 1.4.19 allows remote attackers to execute arbitrary commands
via shell metacharacters in a username string that is used by the
ypmatch program. NOTE: this issue exists because of an incomplete
fix for CVE-2009-1579. (CVE-2009-1381)

Basically this is a syncronization with the latest squirrelmail package
found in Mandriva Cooker. The rpm changelog will reveal all the changes
(rpm -q --changelog squirrelmail).

The updated packages have been upgraded to the latest version of
squirrelmail to prevent this.

Aktualisierte Pakete

CS4.0 x86_64

 141e9350472907fdf324f93352484402  corporate/4.0/x86_64/squirrelmail-1.4.19-0.1.20060mlcs4.noarch.rpm
 e256a1654248627b9846fdbfc0e43ad7  corporate/4.0/x86_64/squirrelmail-ar-1.4.19-0.1.20060mlcs4.noarch.rpm
 e9b43600ec3a4fad3ad070f80f569119  corporate/4.0/x86_64/squirrelmail-bg-1.4.19-0.1.20060mlcs4.noarch.rpm
 c6a03bdf984f749e3725caae1bdd8e85  corporate/4.0/x86_64/squirrelmail-bn-1.4.19-0.1.20060mlcs4.noarch.rpm
 2507c005808aacdd1bb1d42c0c469930  corporate/4.0/x86_64/squirrelmail-ca-1.4.19-0.1.20060mlcs4.noarch.rpm
 e14c38f79407fd5ff46dc6b89057df4a  corporate/4.0/x86_64/squirrelmail-cs-1.4.19-0.1.20060mlcs4.noarch.rpm
 6ebeb7f6bd5e29b9746a021aeab3a2dc  corporate/4.0/x86_64/squirrelmail-cy-1.4.19-0.1.20060mlcs4.noarch.rpm
 cfd48737f7f72a5421c0b5a24ff2b396  corporate/4.0/x86_64/squirrelmail-cyrus-1.4.19-0.1.20060mlcs4.noarch.rpm
 3c681904b9069353cb78dc84144460da  corporate/4.0/x86_64/squirrelmail-da-1.4.19-0.1.20060mlcs4.noarch.rpm
 f0d6f322e525bcc1e62a7c69e18e7cbc  corporate/4.0/x86_64/squirrelmail-de-1.4.19-0.1.20060mlcs4.noarch.rpm
 f61ac00df6af15ede27ee55572c70a2c  corporate/4.0/x86_64/squirrelmail-el-1.4.19-0.1.20060mlcs4.noarch.rpm
 b519dbd013f1576e9d5780741881cafd  corporate/4.0/x86_64/squirrelmail-en-1.4.19-0.1.20060mlcs4.noarch.rpm
 b2f094abf6d7b24297dc0406198dcbdb  corporate/4.0/x86_64/squirrelmail-es-1.4.19-0.1.20060mlcs4.noarch.rpm
 d6e497482be3ec4f7830c7d0aa33fe0b  corporate/4.0/x86_64/squirrelmail-et-1.4.19-0.1.20060mlcs4.noarch.rpm
 2dd057984bea0ac6bdb81373cb4670c3  corporate/4.0/x86_64/squirrelmail-eu-1.4.19-0.1.20060mlcs4.noarch.rpm
 412f01534aea85856d935680974f17e5  corporate/4.0/x86_64/squirrelmail-fa-1.4.19-0.1.20060mlcs4.noarch.rpm
 92d3aee5fddbf13b2a0aaae8692cc162  corporate/4.0/x86_64/squirrelmail-fi-1.4.19-0.1.20060mlcs4.noarch.rpm
 1dc4579016263ebf7efd6d017ca79133  corporate/4.0/x86_64/squirrelmail-fo-1.4.19-0.1.20060mlcs4.noarch.rpm
 9224a20f02e0ead466330a29be20eb13  corporate/4.0/x86_64/squirrelmail-fr-1.4.19-0.1.20060mlcs4.noarch.rpm
 42b6a3d05bd311ead796f4d3cddb6d0b  corporate/4.0/x86_64/squirrelmail-fy-1.4.19-0.1.20060mlcs4.noarch.rpm
 dc2defe4055dedf18078dd9043d802d3  corporate/4.0/x86_64/squirrelmail-he-1.4.19-0.1.20060mlcs4.noarch.rpm
 31eab7b9396de1144b487557d43e9801  corporate/4.0/x86_64/squirrelmail-hr-1.4.19-0.1.20060mlcs4.noarch.rpm
 1009654e2b12d3923e1482e36919d8c5  corporate/4.0/x86_64/squirrelmail-hu-1.4.19-0.1.20060mlcs4.noarch.rpm
 96a766059fa6fe39d32078ea1daa1796  corporate/4.0/x86_64/squirrelmail-id-1.4.19-0.1.20060mlcs4.noarch.rpm
 fbfe2e40e2b2e09cd4fd89d5f21df72e  corporate/4.0/x86_64/squirrelmail-is-1.4.19-0.1.20060mlcs4.noarch.rpm
 4963112ed14c24d9691deef363de76b8  corporate/4.0/x86_64/squirrelmail-it-1.4.19-0.1.20060mlcs4.noarch.rpm
 6206db8373820b2151718f8fbf459c5a  corporate/4.0/x86_64/squirrelmail-ja-1.4.19-0.1.20060mlcs4.noarch.rpm
 b4249ecf962816ba5fcd661199c4b060  corporate/4.0/x86_64/squirrelmail-ka-1.4.19-0.1.20060mlcs4.noarch.rpm
 082ddb2b09dda383f446ec6b0bd3f1e6  corporate/4.0/x86_64/squirrelmail-ko-1.4.19-0.1.20060mlcs4.noarch.rpm
 71fe65b15fa84a5b85a76a5d963ef68c  corporate/4.0/x86_64/squirrelmail-lt-1.4.19-0.1.20060mlcs4.noarch.rpm
 25d6ae0885be54321bcd086eb2b20e03  corporate/4.0/x86_64/squirrelmail-ms-1.4.19-0.1.20060mlcs4.noarch.rpm
 5e22f9b8d9a5355e492d98d50a00845c  corporate/4.0/x86_64/squirrelmail-nb-1.4.19-0.1.20060mlcs4.noarch.rpm
 6e6625152ae205074ec297b814108a73  corporate/4.0/x86_64/squirrelmail-nl-1.4.19-0.1.20060mlcs4.noarch.rpm
 7d1bcdfb1ee4ca91f33092512e936722  corporate/4.0/x86_64/squirrelmail-nn-1.4.19-0.1.20060mlcs4.noarch.rpm
 6f400936f795aa4c0a0ce269407fb264  corporate/4.0/x86_64/squirrelmail-pl-1.4.19-0.1.20060mlcs4.noarch.rpm
 c2cd325b4b51f8b56f269861cce3c7a7  corporate/4.0/x86_64/squirrelmail-poutils-1.4.19-0.1.20060mlcs4.noarch.rpm
 7c2f1803b03b3320f7aca256f461329f  corporate/4.0/x86_64/squirrelmail-pt-1.4.19-0.1.20060mlcs4.noarch.rpm
 bfaa76d92f39e6394cb18b5b08ce2b21  corporate/4.0/x86_64/squirrelmail-ro-1.4.19-0.1.20060mlcs4.noarch.rpm
 eeedbb528aebcc4a2d077930a8215e11  corporate/4.0/x86_64/squirrelmail-ru-1.4.19-0.1.20060mlcs4.noarch.rpm
 1f181644b298642a070253126f978fa5  corporate/4.0/x86_64/squirrelmail-sk-1.4.19-0.1.20060mlcs4.noarch.rpm
 423f296fe00810d0f16e7f0a79d7ecce  corporate/4.0/x86_64/squirrelmail-sl-1.4.19-0.1.20060mlcs4.noarch.rpm
 43a2db13ca74d92f7c9bbc17dcc235b1  corporate/4.0/x86_64/squirrelmail-sr-1.4.19-0.1.20060mlcs4.noarch.rpm
 c33a3d037d339cb776f691ddb21eb394  corporate/4.0/x86_64/squirrelmail-sv-1.4.19-0.1.20060mlcs4.noarch.rpm
 fe28d3c2fa28c35ca0ca6a5137e6a1b9  corporate/4.0/x86_64/squirrelmail-th-1.4.19-0.1.20060mlcs4.noarch.rpm
 0519045b3d7e85703654f1eaf94c7716  corporate/4.0/x86_64/squirrelmail-tr-1.4.19-0.1.20060mlcs4.noarch.rpm
 d6af28fed5291e857cf5e6c39b026d68  corporate/4.0/x86_64/squirrelmail-ug-1.4.19-0.1.20060mlcs4.noarch.rpm
 ce23fca5337143b987e483d2c1ac5ca9  corporate/4.0/x86_64/squirrelmail-uk-1.4.19-0.1.20060mlcs4.noarch.rpm
 c09a7c455f72294c5c16da32db629145  corporate/4.0/x86_64/squirrelmail-vi-1.4.19-0.1.20060mlcs4.noarch.rpm
 23de844e37d7b62a27d301eafe55c238  corporate/4.0/x86_64/squirrelmail-zh_CN-1.4.19-0.1.20060mlcs4.noarch.rpm
 ea8b3d79bca95b186aedb52b4a096b47  corporate/4.0/x86_64/squirrelmail-zh_TW-1.4.19-0.1.20060mlcs4.noarch.rpm 
 418c8ab99175d7b8182d115182d2f51c  corporate/4.0/SRPMS/squirrelmail-1.4.19-0.1.20060mlcs4.src.rpm

CS4.0 i586

 6b3080300bf36c584634dd09f1c8af39  corporate/4.0/i586/squirrelmail-1.4.19-0.1.20060mlcs4.noarch.rpm
 1f15dcd190c0d4bc2b4f32a77f69783f  corporate/4.0/i586/squirrelmail-ar-1.4.19-0.1.20060mlcs4.noarch.rpm
 944fde793c3737a5f8a2a89041ec2ddc  corporate/4.0/i586/squirrelmail-bg-1.4.19-0.1.20060mlcs4.noarch.rpm
 593f527e352ed52d6214e7dc717557b9  corporate/4.0/i586/squirrelmail-bn-1.4.19-0.1.20060mlcs4.noarch.rpm
 976dfb3939c3981edde142eca527a90a  corporate/4.0/i586/squirrelmail-ca-1.4.19-0.1.20060mlcs4.noarch.rpm
 f626097a727ebfdd66c0476649f001e4  corporate/4.0/i586/squirrelmail-cs-1.4.19-0.1.20060mlcs4.noarch.rpm
 7b60aff68ee875f92e66784568fa22d4  corporate/4.0/i586/squirrelmail-cy-1.4.19-0.1.20060mlcs4.noarch.rpm
 6f312f17747c62a836247ea82346fb24  corporate/4.0/i586/squirrelmail-cyrus-1.4.19-0.1.20060mlcs4.noarch.rpm
 54998ae421ca76868419d9859ceaa984  corporate/4.0/i586/squirrelmail-da-1.4.19-0.1.20060mlcs4.noarch.rpm
 60b681423d7d08be82bd3f7344a795d5  corporate/4.0/i586/squirrelmail-de-1.4.19-0.1.20060mlcs4.noarch.rpm
 60459e331eca2d598548e8ee3342ff52  corporate/4.0/i586/squirrelmail-el-1.4.19-0.1.20060mlcs4.noarch.rpm
 2250b8171d5e52c6cc12cceb064c1178  corporate/4.0/i586/squirrelmail-en-1.4.19-0.1.20060mlcs4.noarch.rpm
 f479cce87a9306027141bae0bd88853f  corporate/4.0/i586/squirrelmail-es-1.4.19-0.1.20060mlcs4.noarch.rpm
 9aeaa6f5185bba450fd646c2d5d38dec  corporate/4.0/i586/squirrelmail-et-1.4.19-0.1.20060mlcs4.noarch.rpm
 57aa8bf8617579267c744492f95ebb0f  corporate/4.0/i586/squirrelmail-eu-1.4.19-0.1.20060mlcs4.noarch.rpm
 62f8704bb4cf87229b28512132efbcb8  corporate/4.0/i586/squirrelmail-fa-1.4.19-0.1.20060mlcs4.noarch.rpm
 f71d582b10f46c99821c0e9a068b1580  corporate/4.0/i586/squirrelmail-fi-1.4.19-0.1.20060mlcs4.noarch.rpm
 5d7566e8fb7f9420917dad0ddd21dbea  corporate/4.0/i586/squirrelmail-fo-1.4.19-0.1.20060mlcs4.noarch.rpm
 ec3b032100d646df2de8dfca4d5218f5  corporate/4.0/i586/squirrelmail-fr-1.4.19-0.1.20060mlcs4.noarch.rpm
 a790a6ad044caf8c5e7e13f9122bba57  corporate/4.0/i586/squirrelmail-fy-1.4.19-0.1.20060mlcs4.noarch.rpm
 2ad056935b7edfedcccf39622ac980a9  corporate/4.0/i586/squirrelmail-he-1.4.19-0.1.20060mlcs4.noarch.rpm
 34783ec4df73419d207c8e1191572c2c  corporate/4.0/i586/squirrelmail-hr-1.4.19-0.1.20060mlcs4.noarch.rpm
 d95a52816675275e009ed3a587a9e670  corporate/4.0/i586/squirrelmail-hu-1.4.19-0.1.20060mlcs4.noarch.rpm
 beda075c27e0c060144200cb8748437f  corporate/4.0/i586/squirrelmail-id-1.4.19-0.1.20060mlcs4.noarch.rpm
 5463d078bc3a255bf24e11423649f7ac  corporate/4.0/i586/squirrelmail-is-1.4.19-0.1.20060mlcs4.noarch.rpm
 25116cc8ab493cecc0391fbc7c965750  corporate/4.0/i586/squirrelmail-it-1.4.19-0.1.20060mlcs4.noarch.rpm
 162674fae31965c703c61cb503a0fb65  corporate/4.0/i586/squirrelmail-ja-1.4.19-0.1.20060mlcs4.noarch.rpm
 669044071cd28380706d2e2e4b908fcf  corporate/4.0/i586/squirrelmail-ka-1.4.19-0.1.20060mlcs4.noarch.rpm
 bb427b527cbe99f9b8cab14e7daa2275  corporate/4.0/i586/squirrelmail-ko-1.4.19-0.1.20060mlcs4.noarch.rpm
 3116668323b5742a523d3b6883e08b59  corporate/4.0/i586/squirrelmail-lt-1.4.19-0.1.20060mlcs4.noarch.rpm
 91b13eda37041d88081032893b8cec6d  corporate/4.0/i586/squirrelmail-ms-1.4.19-0.1.20060mlcs4.noarch.rpm
 a497a1ff9ffc2a2cad1dadf12b9bc6fc  corporate/4.0/i586/squirrelmail-nb-1.4.19-0.1.20060mlcs4.noarch.rpm
 ae290a7027ff99e958716695f1cfc8ae  corporate/4.0/i586/squirrelmail-nl-1.4.19-0.1.20060mlcs4.noarch.rpm
 1ac2ff97022a4af81f349fe66f38af40  corporate/4.0/i586/squirrelmail-nn-1.4.19-0.1.20060mlcs4.noarch.rpm
 dec12cd967ec5e9c2451c79d9f9d643d  corporate/4.0/i586/squirrelmail-pl-1.4.19-0.1.20060mlcs4.noarch.rpm
 f3eb7fc7b822958a87bc097c5485c12b  corporate/4.0/i586/squirrelmail-poutils-1.4.19-0.1.20060mlcs4.noarch.rpm
 9683608775f66686cabb65e2e0155c47  corporate/4.0/i586/squirrelmail-pt-1.4.19-0.1.20060mlcs4.noarch.rpm
 d15f0cc97fe0bb0ba212eec4fb7b51c9  corporate/4.0/i586/squirrelmail-ro-1.4.19-0.1.20060mlcs4.noarch.rpm
 ad1f1fda51ad390a4f693c6d7780ef67  corporate/4.0/i586/squirrelmail-ru-1.4.19-0.1.20060mlcs4.noarch.rpm
 83ca05879bc8b924cbd41d3ad4a9a255  corporate/4.0/i586/squirrelmail-sk-1.4.19-0.1.20060mlcs4.noarch.rpm
 b0bf4b272e124f415fdb685c855876f1  corporate/4.0/i586/squirrelmail-sl-1.4.19-0.1.20060mlcs4.noarch.rpm
 242ecb89e9173cfe8688dd784b1d52d9  corporate/4.0/i586/squirrelmail-sr-1.4.19-0.1.20060mlcs4.noarch.rpm
 1d6364ec5ddd92ca608c00bbf34adeef  corporate/4.0/i586/squirrelmail-sv-1.4.19-0.1.20060mlcs4.noarch.rpm
 6e87164d730766f1b7ff95f621574c4e  corporate/4.0/i586/squirrelmail-th-1.4.19-0.1.20060mlcs4.noarch.rpm
 3079f68ae741e85026ae14ed309bafb6  corporate/4.0/i586/squirrelmail-tr-1.4.19-0.1.20060mlcs4.noarch.rpm
 f65ae7721bf2167a9059e0e5b2a9a6f4  corporate/4.0/i586/squirrelmail-ug-1.4.19-0.1.20060mlcs4.noarch.rpm
 1f9cb575fbfc3521b830f0080e509d9a  corporate/4.0/i586/squirrelmail-uk-1.4.19-0.1.20060mlcs4.noarch.rpm
 0f2999909a8607e7228f848065af80c1  corporate/4.0/i586/squirrelmail-vi-1.4.19-0.1.20060mlcs4.noarch.rpm
 1bfb1279813453dbfbd39e52479ff6f5  corporate/4.0/i586/squirrelmail-zh_CN-1.4.19-0.1.20060mlcs4.noarch.rpm
 8f74d8ec4e9d7fb477fa20a66e2d8f8e  corporate/4.0/i586/squirrelmail-zh_TW-1.4.19-0.1.20060mlcs4.noarch.rpm 
 418c8ab99175d7b8182d115182d2f51c  corporate/4.0/SRPMS/squirrelmail-1.4.19-0.1.20060mlcs4.src.rpm

Referenzen