-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-ad02f64a79 2019-08-15 18:07:56.659694 --------------------------------------------------------------------------------
Name : squirrelmail Product : Fedora 30 Version : 1.4.23 Release : 1.fc30.20190710 URL : http://www.squirrelmail.org/ Summary : webmail client written in php Description : SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install.
-------------------------------------------------------------------------------- Update Information:
updated to 1.4 branch snapshot containing several security fixes -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 10 2019 Michal Hlavinka mhlavink@redhat.com - 1.4.23-1.20190710 - squirrelmail updated to newer snapshot -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1616100 - CVE-2018-14955 squirrelmail: persistent XSS in message display via SVG animations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1616100 [ 2 ] Bug #1616097 - CVE-2018-14954 squirrelmail: persistent XSS in message display the formaction attribute [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1616097 [ 3 ] Bug #1616094 - CVE-2018-14953 squirrelmail: persistent XSS in message display via a "<math xlink:href=" [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1616094 [ 4 ] Bug #1616090 - CVE-2018-14952 squirrelmail: persistent XSS in message display via a "<math><maction xlink:href=" [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1616090 [ 5 ] Bug #1616087 - CVE-2018-14951 squirrelmail: persistent XSS in message display via a "<form action='data:text" [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1616087 [ 6 ] Bug #1616084 - CVE-2018-14950 squirrelmail: persistent XSS in message display via a "<svg><a xlink:href=" [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1616084 [ 7 ] Bug #1560341 - CVE-2018-8741 SquirrelMail: Directory traversal flaw in Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1560341 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ad02f64a79' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------