Package name
squirrelmail
Date
2007-05-19
Advisory ID
MDKSA-2007:106
Affected versions
CS3.0 i586, CS4.0 x86_64, CS3.0 x86_64, CS4.0 i586

Problem description

A number of HTML filtering bugs were found in SquirrelMail. By sending
an email that a user then views within SquirrelMail, an attacker could
inject arbitrary JavaScript, leading to cross-site scripting attacks
(CVE-2007-1262).

In addition, SquirrelMail did not sufficiently check arguments to IMG
tags in HTML messages. An attacker could exploit this to send arbitrary
email messages on behalf of a SquirrelMail user who was tricked into
opening a maliciously crafted HTML email message (CVE-2007-2589).

The packages provided have been updated to correct these
vulnerabilities; Corporate Server 4 has been upgraded to SquirrelMail
1.4.10a and Corporate Server 3 has been patched to protect against
these issues.
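
A patch-level check against the fixed builds named in this advisory's package list, as an added example (not Mandriva's or SquirrelMail's code; function names are hypothetical). Corporate Server 3 received a backported fix, so each release is compared against its own fixed build rather than against upstream 1.4.10a. It assumes the package has no epoch and implements only the core of RPM's version ordering.

```python
import re

# Fixed builds from this advisory's package list, keyed by product release.
FIXED = {
    "CS3.0": ("1.4.5", "1.6.C30mdk"),
    "CS4.0": ("1.4.10a", "0.1.20060mlcs4"),
}

def _segments(s):
    # RPM splits a version into runs of digits or letters; punctuation only separates.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using the core rules of RPM's version comparison
    (no tilde/caret handling, which these package names do not use)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)   # numeric segments compare as integers: 10 > 9
        elif x.isdigit():
            return 1                # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(release, installed):
    """installed is 'VERSION-RELEASE', e.g. the output of
    rpm -q --qf '%{VERSION}-%{RELEASE}' squirrelmail (epoch assumed absent)."""
    version, _, rel = installed.rpartition("-")
    fixed_version, fixed_rel = FIXED[release]
    c = rpmvercmp(version, fixed_version)
    if c == 0:
        c = rpmvercmp(rel, fixed_rel)
    return c >= 0

if __name__ == "__main__":
    # Constructed sample values standing in for hosts' rpm query output.
    for release, evr in [("CS3.0", "1.4.5-1.5.C30mdk"),
                         ("CS3.0", "1.4.5-1.6.C30mdk"),
                         ("CS4.0", "1.4.9a-0.1.20060mlcs4")]:
        print(release, evr, "patched" if is_patched(release, evr) else "VULNERABLE")
```

A scanner that compares only the upstream version number would report the patched Corporate Server 3 build as vulnerable, which is why the release field is part of the comparison.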

Updated packages

CS3.0 i586

 e3c5f1b83f6f20915ea82419f7b878b5  corporate/3.0/i586/squirrelmail-1.4.5-1.6.C30mdk.noarch.rpm
 2edfb083bb6215aab9bd46aeacdf32a9  corporate/3.0/i586/squirrelmail-poutils-1.4.5-1.6.C30mdk.noarch.rpm 
 fdfb2f5cfc43752d836f55bf165531d4  corporate/3.0/SRPMS/squirrelmail-1.4.5-1.6.C30mdk.src.rpm

CS4.0 x86_64


CS3.0 x86_64

 e3c5f1b83f6f20915ea82419f7b878b5  corporate/3.0/x86_64/squirrelmail-1.4.5-1.6.C30mdk.noarch.rpm
 2edfb083bb6215aab9bd46aeacdf32a9  corporate/3.0/x86_64/squirrelmail-poutils-1.4.5-1.6.C30mdk.noarch.rpm 
 fdfb2f5cfc43752d836f55bf165531d4  corporate/3.0/SRPMS/squirrelmail-1.4.5-1.6.C30mdk.src.rpm

CS4.0 i586


References