1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4168-1] squirrelmail security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Apr 8 10:10:02 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4168-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    April 08, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : squirrelmail
    CVE ID : CVE-2018-8741
    Debian Bug : 893202

    Florian Grunow und Birk Kauer of ERNW discovered a path traversal
    vulnerability in SquirrelMail, a webmail application, allowing an
    authenticated remote attacker to retrieve or delete arbitrary files
    via mail attachment.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 2:1.4.23~svn20120406-2+deb8u2.

    We recommend that you upgrade your squirrelmail packages.

    For the detailed security status of squirrelmail please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/squirrelmail

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrJyshfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0ROLQ/+ILcsLCgwuYN0h2hldhFLOFbleNYkFzuqlg3ZDEfdE0YrmwimHYntN6oe GFc6PKMXap74rBOEcZY98oPvj3HIHQAur5+PTi09dfNyXC/ninmro7jPUE+23R7+ dMNEsI/w4wFzx9LjFHyfi6BWvxlZ9+IpGbZzaEVwM0AnGB0YTuDqzISlbRqXp+Ed 9xT09JTBpALzjqIt11gnJBh14hBz7egoVFXsklSVOx/sa/FwDKH7m/ksmJdFtBNB TaVqeLZxxLKVK04Zu8eb9O0LhdddMNR4x51/yN6xNihDoKAGBAI6NsJsxtaUuNj/ b3KrFAXm+m6NOwrEh3EM0xWmc1QMsDpxSyS8CHvTSsOQRKoKa7jOViOtygBauY4p ByZnRj6+hgTp2qBFJ1f4v5sm+ZHfHfoD3GFLHvyPWze6ioUg0IY02Qwk+WYwkJW8 Oiau0C2419WINbgmtQNRd6ZZ7lNXsOMwScVI7xUybhBUhgaoylFa0RifcckgBObE mDsOE6ltaytGFAX0ooNAJBbCYW9irQCpvCoB+krKb6S5z5Dg2/W6syizm6scQdyI MW1RgTxrJB5FYagI06aBcmYl4fSFMGJG0qJL3vhPE9Y9oiV+NmST8uo6TaUMsHLE 6DEUbCI4+zG5/kFw0vQW7u27An/p+2410rD+9L+4GJfDoqBbkLc=
    =zgnB
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)