|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for squirrelmail RHSA-2013:0126-01|
|Summary:||The remote host is missing an update for the 'squirrelmail'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'squirrelmail'
package(s) announced via the referenced advisory.
SquirrelMail is a standards-based webmail package written in PHP.
The SquirrelMail security update RHSA-2012:0103 did not, unlike the erratum
text stated, correct the CVE-2010-2813 issue, a flaw in the way
SquirrelMail handled failed log in attempts. A user preference file was
created when attempting to log in with a password containing an 8-bit
character, even if the username was not valid. A remote attacker could use
this flaw to eventually consume all hard disk space on the target
SquirrelMail server. (CVE-2012-2124)
This update also fixes the following bugs:
* Prior to this update, SquirrelMail could not decode multi-line subjects
properly. Consequently, the decode header internationalization option did
not properly handle new lines or tabs at the beginning of the lines. This
bug has been fixed and SquirrelMail now works correctly in the described
* Due to a bug, attachments written in HTML code on the Windows operating
system were not displayed properly when accessed with SquirrelMail. The
'!=null' string was trimmed to '!ull'. This bug has been fixed and the
attachments are now displayed correctly in such a case. (BZ#359791)
* Previously, e-mail messages with a Unique Identifier (UID) larger than
2^31 bytes were unreadable when using the squirrelmail package. With this
patch the squirrelmail package is able to read all messages regardless of
the UIDs size. (BZ#450780)
* Due to a bug, a PHP script did not assign the proper character set to
requested variables. Consequently, SquirrelMail could not display any
e-mails. The underlying source code has been modified and now the
squirrelmail package assigns the correct character set. (BZ#475188)
Description truncated, please see the referenced URL(s) for more information.
squirrelmail on Red Hat Enterprise Linux (v. 5 server)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2012-2124|
RedHat Security Advisories: RHSA-2013:0126
Common Vulnerability Exposure (CVE) ID: CVE-2010-2813
BugTraq ID: 42399
Debian Security Information: DSA-2091 (Google Search)
RedHat Security Advisories: RHSA-2012:0103
XForce ISS Database: squirrelmail-imap-dos(61124)
|Copyright||Copyright (c) 2013 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.