Debian Security Advisory DSA 820-1 (courier) Network Vulnerability

Summary

The remote host is missing an update to courier announced via advisory DSA 820-1. Jakob Balle discovered that with Conditional Comments in Internet Explorer it is possible to hide javascript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer. For the old stable distribution (woody) this problem has been fixed in version 0.37.3-2.7.

Solution

For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge3. For the unstable distribution (sid) this problem has been fixed in version 0.47-9. We recommend that you upgrade your sqwebmail package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20820-1

Severity

Classification

CVE CVE-2005-2820
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 055-1 (gftp)
Debian Security Advisory DSA 1058-1 (awstats)
Debian Security Advisory DSA 1111-1 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 080-1 (htdig)
Debian Security Advisory DSA 068-1 (openldap)

Take action and discover your vulnerabilities