Debian Security Advisory DSA 1802-2 (squirrelmail) Network Vulnerability

Summary

The remote host is missing an update to squirrelmail announced via advisory DSA 1802-2.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201802-2

Insight

Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function. For the old stable distribution (etch), this problem has been fixed in version 1.4.9a-5. For the stable distribution (lenny), this problem has been fixed in version 1.4.15-4+lenny2. For the unstable distribution (sid), this problem has been fixed in version 1.4.19-1 We recommend that you upgrade your squirrelmail package.

Severity

Classification

CVE CVE-2009-1381, CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 037-1 (nextaw, xaw3d, xaw95)
Debian Security Advisory DSA 1071-1 (mysql)
Debian Security Advisory DSA 1139-1 (ruby1.6)
Debian Security Advisory DSA 1055-1 (mozilla-firefox)
Debian Security Advisory DSA 1080-1 (dovecot)

Take action and discover your vulnerabilities