[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [ MDVSA-2009:122 ] squirrelmail
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:122 ] squirrelmail
- From: security@xxxxxxxxxxxx
- Date: Sat, 23 May 2009 12:30:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:122
http://www.mandriva.com/security/
_______________________________________________________________________
Package : squirrelmail
Date : June 23, 2009
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability has been identified and corrected in squirrelmail:
The map_yp_alias function in functions/imap_general.php in SquirrelMail
before 1.4.19 allows remote attackers to execute arbitrary commands
via shell metacharacters in a username string that is used by the
ypmatch program. NOTE: this issue exists because of an incomplete
fix for CVE-2009-1579. (CVE-2009-1381)
Basically this is a syncronization with the latest squirrelmail package
found in Mandriva Cooker. The rpm changelog will reveal all the changes
(rpm -q --changelog squirrelmail).
The updated packages have been upgraded to the latest version of
squirrelmail to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
6b3080300bf36c584634dd09f1c8af39
corporate/4.0/i586/squirrelmail-1.4.19-0.1.20060mlcs4.noarch.rpm
1f15dcd190c0d4bc2b4f32a77f69783f
corporate/4.0/i586/squirrelmail-ar-1.4.19-0.1.20060mlcs4.noarch.rpm
944fde793c3737a5f8a2a89041ec2ddc
corporate/4.0/i586/squirrelmail-bg-1.4.19-0.1.20060mlcs4.noarch.rpm
593f527e352ed52d6214e7dc717557b9
corporate/4.0/i586/squirrelmail-bn-1.4.19-0.1.20060mlcs4.noarch.rpm
976dfb3939c3981edde142eca527a90a
corporate/4.0/i586/squirrelmail-ca-1.4.19-0.1.20060mlcs4.noarch.rpm
f626097a727ebfdd66c0476649f001e4
corporate/4.0/i586/squirrelmail-cs-1.4.19-0.1.20060mlcs4.noarch.rpm
7b60aff68ee875f92e66784568fa22d4
corporate/4.0/i586/squirrelmail-cy-1.4.19-0.1.20060mlcs4.noarch.rpm
6f312f17747c62a836247ea82346fb24
corporate/4.0/i586/squirrelmail-cyrus-1.4.19-0.1.20060mlcs4.noarch.rpm
54998ae421ca76868419d9859ceaa984
corporate/4.0/i586/squirrelmail-da-1.4.19-0.1.20060mlcs4.noarch.rpm
60b681423d7d08be82bd3f7344a795d5
corporate/4.0/i586/squirrelmail-de-1.4.19-0.1.20060mlcs4.noarch.rpm
60459e331eca2d598548e8ee3342ff52
corporate/4.0/i586/squirrelmail-el-1.4.19-0.1.20060mlcs4.noarch.rpm
2250b8171d5e52c6cc12cceb064c1178
corporate/4.0/i586/squirrelmail-en-1.4.19-0.1.20060mlcs4.noarch.rpm
f479cce87a9306027141bae0bd88853f
corporate/4.0/i586/squirrelmail-es-1.4.19-0.1.20060mlcs4.noarch.rpm
9aeaa6f5185bba450fd646c2d5d38dec
corporate/4.0/i586/squirrelmail-et-1.4.19-0.1.20060mlcs4.noarch.rpm
57aa8bf8617579267c744492f95ebb0f
corporate/4.0/i586/squirrelmail-eu-1.4.19-0.1.20060mlcs4.noarch.rpm
62f8704bb4cf87229b28512132efbcb8
corporate/4.0/i586/squirrelmail-fa-1.4.19-0.1.20060mlcs4.noarch.rpm
f71d582b10f46c99821c0e9a068b1580
corporate/4.0/i586/squirrelmail-fi-1.4.19-0.1.20060mlcs4.noarch.rpm
5d7566e8fb7f9420917dad0ddd21dbea
corporate/4.0/i586/squirrelmail-fo-1.4.19-0.1.20060mlcs4.noarch.rpm
ec3b032100d646df2de8dfca4d5218f5
corporate/4.0/i586/squirrelmail-fr-1.4.19-0.1.20060mlcs4.noarch.rpm
a790a6ad044caf8c5e7e13f9122bba57
corporate/4.0/i586/squirrelmail-fy-1.4.19-0.1.20060mlcs4.noarch.rpm
2ad056935b7edfedcccf39622ac980a9
corporate/4.0/i586/squirrelmail-he-1.4.19-0.1.20060mlcs4.noarch.rpm
34783ec4df73419d207c8e1191572c2c
corporate/4.0/i586/squirrelmail-hr-1.4.19-0.1.20060mlcs4.noarch.rpm
d95a52816675275e009ed3a587a9e670
corporate/4.0/i586/squirrelmail-hu-1.4.19-0.1.20060mlcs4.noarch.rpm
beda075c27e0c060144200cb8748437f
corporate/4.0/i586/squirrelmail-id-1.4.19-0.1.20060mlcs4.noarch.rpm
5463d078bc3a255bf24e11423649f7ac
corporate/4.0/i586/squirrelmail-is-1.4.19-0.1.20060mlcs4.noarch.rpm
25116cc8ab493cecc0391fbc7c965750
corporate/4.0/i586/squirrelmail-it-1.4.19-0.1.20060mlcs4.noarch.rpm
162674fae31965c703c61cb503a0fb65
corporate/4.0/i586/squirrelmail-ja-1.4.19-0.1.20060mlcs4.noarch.rpm
669044071cd28380706d2e2e4b908fcf
corporate/4.0/i586/squirrelmail-ka-1.4.19-0.1.20060mlcs4.noarch.rpm
bb427b527cbe99f9b8cab14e7daa2275
corporate/4.0/i586/squirrelmail-ko-1.4.19-0.1.20060mlcs4.noarch.rpm
3116668323b5742a523d3b6883e08b59
corporate/4.0/i586/squirrelmail-lt-1.4.19-0.1.20060mlcs4.noarch.rpm
91b13eda37041d88081032893b8cec6d
corporate/4.0/i586/squirrelmail-ms-1.4.19-0.1.20060mlcs4.noarch.rpm
a497a1ff9ffc2a2cad1dadf12b9bc6fc
corporate/4.0/i586/squirrelmail-nb-1.4.19-0.1.20060mlcs4.noarch.rpm
ae290a7027ff99e958716695f1cfc8ae
corporate/4.0/i586/squirrelmail-nl-1.4.19-0.1.20060mlcs4.noarch.rpm
1ac2ff97022a4af81f349fe66f38af40
corporate/4.0/i586/squirrelmail-nn-1.4.19-0.1.20060mlcs4.noarch.rpm
dec12cd967ec5e9c2451c79d9f9d643d
corporate/4.0/i586/squirrelmail-pl-1.4.19-0.1.20060mlcs4.noarch.rpm
f3eb7fc7b822958a87bc097c5485c12b
corporate/4.0/i586/squirrelmail-poutils-1.4.19-0.1.20060mlcs4.noarch.rpm
9683608775f66686cabb65e2e0155c47
corporate/4.0/i586/squirrelmail-pt-1.4.19-0.1.20060mlcs4.noarch.rpm
d15f0cc97fe0bb0ba212eec4fb7b51c9
corporate/4.0/i586/squirrelmail-ro-1.4.19-0.1.20060mlcs4.noarch.rpm
ad1f1fda51ad390a4f693c6d7780ef67
corporate/4.0/i586/squirrelmail-ru-1.4.19-0.1.20060mlcs4.noarch.rpm
83ca05879bc8b924cbd41d3ad4a9a255
corporate/4.0/i586/squirrelmail-sk-1.4.19-0.1.20060mlcs4.noarch.rpm
b0bf4b272e124f415fdb685c855876f1
corporate/4.0/i586/squirrelmail-sl-1.4.19-0.1.20060mlcs4.noarch.rpm
242ecb89e9173cfe8688dd784b1d52d9
corporate/4.0/i586/squirrelmail-sr-1.4.19-0.1.20060mlcs4.noarch.rpm
1d6364ec5ddd92ca608c00bbf34adeef
corporate/4.0/i586/squirrelmail-sv-1.4.19-0.1.20060mlcs4.noarch.rpm
6e87164d730766f1b7ff95f621574c4e
corporate/4.0/i586/squirrelmail-th-1.4.19-0.1.20060mlcs4.noarch.rpm
3079f68ae741e85026ae14ed309bafb6
corporate/4.0/i586/squirrelmail-tr-1.4.19-0.1.20060mlcs4.noarch.rpm
f65ae7721bf2167a9059e0e5b2a9a6f4
corporate/4.0/i586/squirrelmail-ug-1.4.19-0.1.20060mlcs4.noarch.rpm
1f9cb575fbfc3521b830f0080e509d9a
corporate/4.0/i586/squirrelmail-uk-1.4.19-0.1.20060mlcs4.noarch.rpm
0f2999909a8607e7228f848065af80c1
corporate/4.0/i586/squirrelmail-vi-1.4.19-0.1.20060mlcs4.noarch.rpm
1bfb1279813453dbfbd39e52479ff6f5
corporate/4.0/i586/squirrelmail-zh_CN-1.4.19-0.1.20060mlcs4.noarch.rpm
8f74d8ec4e9d7fb477fa20a66e2d8f8e
corporate/4.0/i586/squirrelmail-zh_TW-1.4.19-0.1.20060mlcs4.noarch.rpm
418c8ab99175d7b8182d115182d2f51c
corporate/4.0/SRPMS/squirrelmail-1.4.19-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
141e9350472907fdf324f93352484402
corporate/4.0/x86_64/squirrelmail-1.4.19-0.1.20060mlcs4.noarch.rpm
e256a1654248627b9846fdbfc0e43ad7
corporate/4.0/x86_64/squirrelmail-ar-1.4.19-0.1.20060mlcs4.noarch.rpm
e9b43600ec3a4fad3ad070f80f569119
corporate/4.0/x86_64/squirrelmail-bg-1.4.19-0.1.20060mlcs4.noarch.rpm
c6a03bdf984f749e3725caae1bdd8e85
corporate/4.0/x86_64/squirrelmail-bn-1.4.19-0.1.20060mlcs4.noarch.rpm
2507c005808aacdd1bb1d42c0c469930
corporate/4.0/x86_64/squirrelmail-ca-1.4.19-0.1.20060mlcs4.noarch.rpm
e14c38f79407fd5ff46dc6b89057df4a
corporate/4.0/x86_64/squirrelmail-cs-1.4.19-0.1.20060mlcs4.noarch.rpm
6ebeb7f6bd5e29b9746a021aeab3a2dc
corporate/4.0/x86_64/squirrelmail-cy-1.4.19-0.1.20060mlcs4.noarch.rpm
cfd48737f7f72a5421c0b5a24ff2b396
corporate/4.0/x86_64/squirrelmail-cyrus-1.4.19-0.1.20060mlcs4.noarch.rpm
3c681904b9069353cb78dc84144460da
corporate/4.0/x86_64/squirrelmail-da-1.4.19-0.1.20060mlcs4.noarch.rpm
f0d6f322e525bcc1e62a7c69e18e7cbc
corporate/4.0/x86_64/squirrelmail-de-1.4.19-0.1.20060mlcs4.noarch.rpm
f61ac00df6af15ede27ee55572c70a2c
corporate/4.0/x86_64/squirrelmail-el-1.4.19-0.1.20060mlcs4.noarch.rpm
b519dbd013f1576e9d5780741881cafd
corporate/4.0/x86_64/squirrelmail-en-1.4.19-0.1.20060mlcs4.noarch.rpm
b2f094abf6d7b24297dc0406198dcbdb
corporate/4.0/x86_64/squirrelmail-es-1.4.19-0.1.20060mlcs4.noarch.rpm
d6e497482be3ec4f7830c7d0aa33fe0b
corporate/4.0/x86_64/squirrelmail-et-1.4.19-0.1.20060mlcs4.noarch.rpm
2dd057984bea0ac6bdb81373cb4670c3
corporate/4.0/x86_64/squirrelmail-eu-1.4.19-0.1.20060mlcs4.noarch.rpm
412f01534aea85856d935680974f17e5
corporate/4.0/x86_64/squirrelmail-fa-1.4.19-0.1.20060mlcs4.noarch.rpm
92d3aee5fddbf13b2a0aaae8692cc162
corporate/4.0/x86_64/squirrelmail-fi-1.4.19-0.1.20060mlcs4.noarch.rpm
1dc4579016263ebf7efd6d017ca79133
corporate/4.0/x86_64/squirrelmail-fo-1.4.19-0.1.20060mlcs4.noarch.rpm
9224a20f02e0ead466330a29be20eb13
corporate/4.0/x86_64/squirrelmail-fr-1.4.19-0.1.20060mlcs4.noarch.rpm
42b6a3d05bd311ead796f4d3cddb6d0b
corporate/4.0/x86_64/squirrelmail-fy-1.4.19-0.1.20060mlcs4.noarch.rpm
dc2defe4055dedf18078dd9043d802d3
corporate/4.0/x86_64/squirrelmail-he-1.4.19-0.1.20060mlcs4.noarch.rpm
31eab7b9396de1144b487557d43e9801
corporate/4.0/x86_64/squirrelmail-hr-1.4.19-0.1.20060mlcs4.noarch.rpm
1009654e2b12d3923e1482e36919d8c5
corporate/4.0/x86_64/squirrelmail-hu-1.4.19-0.1.20060mlcs4.noarch.rpm
96a766059fa6fe39d32078ea1daa1796
corporate/4.0/x86_64/squirrelmail-id-1.4.19-0.1.20060mlcs4.noarch.rpm
fbfe2e40e2b2e09cd4fd89d5f21df72e
corporate/4.0/x86_64/squirrelmail-is-1.4.19-0.1.20060mlcs4.noarch.rpm
4963112ed14c24d9691deef363de76b8
corporate/4.0/x86_64/squirrelmail-it-1.4.19-0.1.20060mlcs4.noarch.rpm
6206db8373820b2151718f8fbf459c5a
corporate/4.0/x86_64/squirrelmail-ja-1.4.19-0.1.20060mlcs4.noarch.rpm
b4249ecf962816ba5fcd661199c4b060
corporate/4.0/x86_64/squirrelmail-ka-1.4.19-0.1.20060mlcs4.noarch.rpm
082ddb2b09dda383f446ec6b0bd3f1e6
corporate/4.0/x86_64/squirrelmail-ko-1.4.19-0.1.20060mlcs4.noarch.rpm
71fe65b15fa84a5b85a76a5d963ef68c
corporate/4.0/x86_64/squirrelmail-lt-1.4.19-0.1.20060mlcs4.noarch.rpm
25d6ae0885be54321bcd086eb2b20e03
corporate/4.0/x86_64/squirrelmail-ms-1.4.19-0.1.20060mlcs4.noarch.rpm
5e22f9b8d9a5355e492d98d50a00845c
corporate/4.0/x86_64/squirrelmail-nb-1.4.19-0.1.20060mlcs4.noarch.rpm
6e6625152ae205074ec297b814108a73
corporate/4.0/x86_64/squirrelmail-nl-1.4.19-0.1.20060mlcs4.noarch.rpm
7d1bcdfb1ee4ca91f33092512e936722
corporate/4.0/x86_64/squirrelmail-nn-1.4.19-0.1.20060mlcs4.noarch.rpm
6f400936f795aa4c0a0ce269407fb264
corporate/4.0/x86_64/squirrelmail-pl-1.4.19-0.1.20060mlcs4.noarch.rpm
c2cd325b4b51f8b56f269861cce3c7a7
corporate/4.0/x86_64/squirrelmail-poutils-1.4.19-0.1.20060mlcs4.noarch.rpm
7c2f1803b03b3320f7aca256f461329f
corporate/4.0/x86_64/squirrelmail-pt-1.4.19-0.1.20060mlcs4.noarch.rpm
bfaa76d92f39e6394cb18b5b08ce2b21
corporate/4.0/x86_64/squirrelmail-ro-1.4.19-0.1.20060mlcs4.noarch.rpm
eeedbb528aebcc4a2d077930a8215e11
corporate/4.0/x86_64/squirrelmail-ru-1.4.19-0.1.20060mlcs4.noarch.rpm
1f181644b298642a070253126f978fa5
corporate/4.0/x86_64/squirrelmail-sk-1.4.19-0.1.20060mlcs4.noarch.rpm
423f296fe00810d0f16e7f0a79d7ecce
corporate/4.0/x86_64/squirrelmail-sl-1.4.19-0.1.20060mlcs4.noarch.rpm
43a2db13ca74d92f7c9bbc17dcc235b1
corporate/4.0/x86_64/squirrelmail-sr-1.4.19-0.1.20060mlcs4.noarch.rpm
c33a3d037d339cb776f691ddb21eb394
corporate/4.0/x86_64/squirrelmail-sv-1.4.19-0.1.20060mlcs4.noarch.rpm
fe28d3c2fa28c35ca0ca6a5137e6a1b9
corporate/4.0/x86_64/squirrelmail-th-1.4.19-0.1.20060mlcs4.noarch.rpm
0519045b3d7e85703654f1eaf94c7716
corporate/4.0/x86_64/squirrelmail-tr-1.4.19-0.1.20060mlcs4.noarch.rpm
d6af28fed5291e857cf5e6c39b026d68
corporate/4.0/x86_64/squirrelmail-ug-1.4.19-0.1.20060mlcs4.noarch.rpm
ce23fca5337143b987e483d2c1ac5ca9
corporate/4.0/x86_64/squirrelmail-uk-1.4.19-0.1.20060mlcs4.noarch.rpm
c09a7c455f72294c5c16da32db629145
corporate/4.0/x86_64/squirrelmail-vi-1.4.19-0.1.20060mlcs4.noarch.rpm
23de844e37d7b62a27d301eafe55c238
corporate/4.0/x86_64/squirrelmail-zh_CN-1.4.19-0.1.20060mlcs4.noarch.rpm
ea8b3d79bca95b186aedb52b4a096b47
corporate/4.0/x86_64/squirrelmail-zh_TW-1.4.19-0.1.20060mlcs4.noarch.rpm
418c8ab99175d7b8182d115182d2f51c
corporate/4.0/SRPMS/squirrelmail-1.4.19-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKF6YjmqjQ0CJFipgRAsGtAKCn3DQEb6ph9JCkUWxBVUmvOsp3bwCg5UIh
RzuSqC6Cqo4iN3yJaC+vP9o=
=uHYX
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/