[ MDVSA-2009:053 ] squirrelmail

Posted by dude67 » 26 Feb 2009, 10:44

_______________________________________________________________________

Package : squirrelmail
Date : February 24, 2009
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability has been identified and corrected in squirrelmail:

Squirrelmail 1.4.15 does not set the secure flag for the session
cookie in an https session, which can cause the cookie to be sent in
http requests and make it easier for remote attackers to capture this
cookie (CVE-2008-3663).

Additionally, many of the bundled plugins have been upgraded. The
localization has also been upgraded. Basically this is a synchronization
with the latest squirrelmail package found in Mandriva Cooker. The
rpm changelog will reveal all the changes (rpm -q --changelog
squirrelmail).

The updated packages have been upgraded to the latest version of
squirrelmail to prevent this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3663
_______________________________________________________________________
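The advisory above (CVE-2008-3663) concerns a session cookie set without the secure flag in an https session. The following is an added example, not part of the original post or of SquirrelMail's code: a small check that reads captured response headers from an HTTPS request and lists cookies set without `Secure`. The header capture, cookie names and values are constructed for illustration.

```python
"""Audit Set-Cookie headers from an HTTPS response for a missing Secure flag."""

# Constructed sample: headers as a proxy or `curl -i` capture might show them.
# Cookie names and values are illustrative, not taken from the advisory.
SAMPLE_HTTPS_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SQMSESSID=3f9a1c; path=/mail/
Set-Cookie: key=Zm9v; Path=/mail/; Secure; HttpOnly
set-cookie: lang=en_US; path=/; SECURE
"""


def parse_set_cookie(value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(raw_headers, served_over_https=True):
    """List cookie names set without Secure on a response served over HTTPS."""
    if not served_over_https:
        return []  # the check only applies to responses delivered over HTTPS
    missing = []
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        # Header names are case-insensitive; the status line has no colon.
        if not sep or header.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HTTPS_RESPONSE):
        print(f"cookie {cookie!r} lacks the Secure flag and may be sent over http")
```

Running the same check against headers captured before and after installing the updated package shows whether the session cookie now carries the flag.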