Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4168-1] squirrelmail security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4168-1] squirrelmail security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4168-1] squirrelmail security update
  • Date: Sun, 08 Apr 2018 08:07:04 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1f55Ls-0005q3-Q9 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sun, 8 Apr 2018 08:07:28 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <6QBIU7x1yiK.A.C-B.A3cyaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4168-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : squirrelmail
CVE ID : CVE-2018-8741
Debian Bug : 893202

Florian Grunow und Birk Kauer of ERNW discovered a path traversal
vulnerability in SquirrelMail, a webmail application, allowing an
authenticated remote attacker to retrieve or delete arbitrary files
via mail attachment.

For the oldstable distribution (jessie), this problem has been fixed
in version 2:1.4.23~svn20120406-2+deb8u2.

We recommend that you upgrade your squirrelmail packages.

For the detailed security status of squirrelmail please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/squirrelmail

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrJyshfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0ROLQ/+ILcsLCgwuYN0h2hldhFLOFbleNYkFzuqlg3ZDEfdE0YrmwimHYntN6oe
GFc6PKMXap74rBOEcZY98oPvj3HIHQAur5+PTi09dfNyXC/ninmro7jPUE+23R7+
dMNEsI/w4wFzx9LjFHyfi6BWvxlZ9+IpGbZzaEVwM0AnGB0YTuDqzISlbRqXp+Ed
9xT09JTBpALzjqIt11gnJBh14hBz7egoVFXsklSVOx/sa/FwDKH7m/ksmJdFtBNB
TaVqeLZxxLKVK04Zu8eb9O0LhdddMNR4x51/yN6xNihDoKAGBAI6NsJsxtaUuNj/
b3KrFAXm+m6NOwrEh3EM0xWmc1QMsDpxSyS8CHvTSsOQRKoKa7jOViOtygBauY4p
ByZnRj6+hgTp2qBFJ1f4v5sm+ZHfHfoD3GFLHvyPWze6ioUg0IY02Qwk+WYwkJW8
Oiau0C2419WINbgmtQNRd6ZZ7lNXsOMwScVI7xUybhBUhgaoylFa0RifcckgBObE
mDsOE6ltaytGFAX0ooNAJBbCYW9irQCpvCoB+krKb6S5z5Dg2/W6syizm6scQdyI
MW1RgTxrJB5FYagI06aBcmYl4fSFMGJG0qJL3vhPE9Y9oiV+NmST8uo6TaUMsHLE
6DEUbCI4+zG5/kFw0vQW7u27An/p+2410rD+9L+4GJfDoqBbkLc=
=zgnB
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4168-1] squirrelmail security update, Salvatore Bonaccorso, 08.04.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang