Home > Security > Advisories


Mandriva Advisories

Package name squirrelmail
Date November 1st, 2005
Advisory ID MDKSA-2005:202
Affected versions CS3.0
Synopsis Updated squirrelmail packages fix vulnerability

Problem Description

A vulnerability in the way that SquirrelMail handled the $_POST
variables was discovered. If a user was tricked into visiting a
malicious URL, the user's SquirrelMail preferences could be read or

This vulnerability is corrected in SquirrelMail 1.4.5 and the updated
packages provide the latest stable version.

Updated Packages

Corporate Server 3.0

 81cf3711a3faf9a95c69a8ece4962801  corporate/3.0/RPMS/squirrelmail-1.4.5-1.1.C30mdk.noarch.rpm
 20eb541402352ed58b6d9e0ffd051168  corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.1.C30mdk.noarch.rpm
 c03a4c37539bd9e5aee916946c196366  corporate/3.0/SRPMS/squirrelmail-1.4.5-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 81cf3711a3faf9a95c69a8ece4962801  x86_64/corporate/3.0/RPMS/squirrelmail-1.4.5-1.1.C30mdk.noarch.rpm
 20eb541402352ed58b6d9e0ffd051168  x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.5-1.1.C30mdk.noarch.rpm
 c03a4c37539bd9e5aee916946c196366  x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.5-1.1.C30mdk.src.rpm




To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.