Test ID:	1.3.6.1.4.1.25623.1.0.56342
Category:	Fedora Local Security Checks
Title:	Fedora Core 4 FEDORA-2006-133 (squirrelmail)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to squirrelmail announced via advisory FEDORA-2006-133. Upgrade to version upstream 1.4.6 which solves these issues in addition to several bugs. http://www.squirrelmail.org/changelog.php More details here. Additionally Fedora's package contains fixes that may improve usability of squirrelmail in various non-English languages. Please report to Bug #162852 if this update causes any regressions in non-English language behavior. * Wed Mar 1 2006 David Woodhouse 1.4.6-1 - Upgrade to 1.4.6 proper for CVE-2006-0377 CVE-2006-0195 CVE-2006-0188 - Script the charset changes instead of using a patch - Convert the ko_KR files to UTF-8, dropping invalid characters from what's theoretically supposed to be EUC-KR in the original. * Tue Jan 17 2006 Warren Togami 1.4.6-0.cvs20050812.3 - do not remove mo files - require php-mbstring * Fri Dec 9 2005 Jesse Keating - rebuilt * Mon Sep 12 2005 David Woodhouse 1.4.6-0.cvs20050812.2 - Convert all locales to UTF-8 instead of legacy character sets to work around bug #162852. Except for ko_KR, because iconv doesn't believe its help files are actually in EUC-KR as claimed. Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-133 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0377 BugTraq ID: 16756 http://www.securityfocus.com/bid/16756 Debian Security Information: DSA-988 (Google Search) http://www.debian.org/security/2006/dsa-988 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470 http://www.redhat.com/support/errata/RHSA-2006-0283.html http://securitytracker.com/id?1015662 http://secunia.com/advisories/18985 http://secunia.com/advisories/19130 http://secunia.com/advisories/19131 http://secunia.com/advisories/19176 http://secunia.com/advisories/19205 http://secunia.com/advisories/19960 http://secunia.com/advisories/20210 SGI Security Advisory: 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc SuSE Security Announcement: SUSE-SR:2006:005 (Google Search) http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.vupen.com/english/advisories/2006/0689 XForce ISS Database: squirrelmail-mailbox-imap-injection(24849) https://exchange.xforce.ibmcloud.com/vulnerabilities/24849 Common Vulnerability Exposure (CVE) ID: CVE-2006-0195 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548 XForce ISS Database: squirrelmail-magichtml-xss(24848) https://exchange.xforce.ibmcloud.com/vulnerabilities/24848 Common Vulnerability Exposure (CVE) ID: CVE-2006-0188 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419 XForce ISS Database: squirrelmail-webmail-xss(24847) https://exchange.xforce.ibmcloud.com/vulnerabilities/24847
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.