Debian Security Advisory DSA 1802-2 (squirrelmail) Network Vulnerability

Summary

The remote host is missing an update to squirrelmail announced via advisory DSA 1802-2.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201802-2

Insight

Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function. For the old stable distribution (etch), this problem has been fixed in version 1.4.9a-5. For the stable distribution (lenny), this problem has been fixed in version 1.4.15-4+lenny2. For the unstable distribution (sid), this problem has been fixed in version 1.4.19-1 We recommend that you upgrade your squirrelmail package.

Severity

Classification

CVE CVE-2009-1381, CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1135-1 (libtunepimp)
Debian Security Advisory DSA 1121-1 (postgrey)
Debian Security Advisory DSA 1139-1 (ruby1.6)
Debian Security Advisory DSA 1117-1 (libgd2)
Debian Security Advisory DSA 1081-1 (libextractor)

Take action and discover your vulnerabilities