SquirrelMail Multiple Remote Input Validation Vulnerabilities

SquirrelMail Multiple Remote Input Validation Vulnerabilities

Solution:
The vendor has released SquirrelMail 1.4.4 to address this issue. Patches for affected versions are available as well.

RedHat has released advisories (FEDORA-2005-259), and (FEDORA-2005-260) to address these issues in Fedora Core 2 and 3. Please see the referenced advisories for further information.

Gentoo Linux has released advisory GLSA 200501-39 dealing with this issue. Gentoo advises that all SquirrelMail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/squirrelmail-1.4.4"

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update. For more information, please see the referenced Gentoo Linux advisory.

Debian has released advisory DSA 662-1 along with fixes dealing with these issues. Please see the referenced advisory for more information.

SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.

Debian has released advisory DSA 662-2 to address the issue described in CAN-2005-0104. Please see the referenced advisory for more information.

SUSE Linux has released advisory SUSE-SR:2005:014 to address these and other issues. Please see the referenced advisory for more information.

SquirrelMail SquirrelMail 1.2.6