Unix/Red Hat Systems Adminsitrator The Computer Merchant, Ltd US-PA-Lansdale Post A Job | Post A Resume

Product : Fedora Core 1
Name : squirrelmail
Version : 1.4.3
Release : 0.f1.1
Summary : SquirrelMail webmail client

Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

An SQL injection flaw was found in SquirrelMail version 1.4.2 and earlier. If SquirrelMail is configured to store user addressbooks in the database, a remote attacker could use this flaw to execute arbitrary SQL statements. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0521 to this issue.

A number of cross-site scripting (XSS) flaws in SquirrelMail version 1.4.2 and earlier could allow remote attackers to execute scripts as other web users. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2004-0519 and CAN-2004-0520 to these issues.

This update includes the SquirrelMail version 1.4.3a which is not vulnerable to these issues.

• upgrade to 1.4.3a.
• retain stuff after version when adding release to it.
  • Wed Jun 02 2004 Gary Benson <gbenson@redhat.com>
• upgrade to 1.4.3.
  • Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
• rebuilt.
  • Wed Jan 21 2004 Gary Benson <gbenson@redhat.com> 1.4.2-2
• fix calendar plugin breakage (#113902).
  • Thu Jan 08 2004 Gary Benson <gbenson@redhat.com> 1.4.2-1
• upgrade to 1.4.2.
• tighten up permissions on /etc/squirrelmail/config.php (#112774).

be17fbe0ab2c017c9f8aafc407c3fb68 SRPMS/squirrelmail-1.4.3-0.f1.1.src.rpm
4c8288b42458e69e656230afd2a4a38f i386/squirrelmail-1.4.3-0.f1.1.noarch.rpm
4c8288b42458e69e656230afd2a4a38f x86_64/squirrelmail-1.4.3-0.f1.1.noarch.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Product : Fedora Core 2
Name : squirrelmail
Version : 1.4.3
Release : 1
Summary : SquirrelMail webmail client

Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

An SQL injection flaw was found in SquirrelMail version 1.4.2 and earlier. If SquirrelMail is configured to store user addressbooks in the database, a remote attacker could use this flaw to execute arbitrary SQL statements. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0521 to this issue.

A number of cross-site scripting (XSS) flaws in SquirrelMail version 1.4.2 and earlier could allow remote attackers to execute scripts as other web users. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2004-0519 and CAN-2004-0520 to these issues.

This update includes the SquirrelMail version 1.4.3a which is not vulnerable to these issues.

• Mon Jun 07 2004 Gary Benson <gbenson@redhat.com> 1.4.3-1
  • upgrade to 1.4.3a.
  • retain stuff after version when adding release to it.
• Wed Jun 02 2004 Gary Benson <gbenson@redhat.com>
  • upgrade to 1.4.3.

1a985829cd9b532953d8235083aa9ff2 SRPMS/squirrelmail-1.4.3-1.src.rpm
b76007bdb6f2a926d46cc6099e66a45d i386/squirrelmail-1.4.3-1.noarch.rpm
b76007bdb6f2a926d46cc6099e66a45d x86_64/squirrelmail-1.4.3-1.noarch.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Product : Fedora Core 1
Name : squid
Version : 2.5.STABLE3
Release : 2.fc1
Summary : The Squid proxy caching server.

Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

• Mon Jun 07 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE3-2.fc1
  • Backport patch for CAN-2004-0541: buffer overflow in ntlm auth helper.

ac5bbb825c3ab5223b1b26f162f24c19 SRPMS/squid-2.5.STABLE3-2.fc1.src.rpm
28f6216478b102cbddcf6de38ea8f126 i386/squid-2.5.STABLE3-2.fc1.i386.rpm
c8fb3a9ddc44e0e8d01a092993877ed7 i386/debug/squid-debuginfo-2.5.STABLE3-2.fc1.i386.rpm
e034b4a07c0e00a285f115be6ac63cfa x86_64/squid-2.5.STABLE3-2.fc1.x86_64.rpm
6a4992a5d0244b297ddc9ca44a312541 x86_64/debug/squid-debuginfo-2.5.STABLE3-2.fc1.x86_64.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Product : Fedora Core 2
Name : squid
Version : 2.5.STABLE5
Release : 4.fc2
Summary : The Squid proxy caching server.

Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

• Mon Jun 07 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE3-4.fc2
  • Backport security fix for ntlm auth helper (CAN-2004-0541).
• Thu Apr 08 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE5-3
  • Fix the -pipe patch to have the correct name of the winbind pipe.

b735863f8f52314d1ff9981c85ea56b2 SRPMS/squid-2.5.STABLE5-4.fc2.src.rpm
4d80ef2db40a68a7ba2ecffdec9d3372 i386/squid-2.5.STABLE5-4.fc2.i386.rpm
779417acbbfe0e022bc1525d9faae339 i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.i386.rpm
c8c1bc2cd95f892ce602e3e38e9e7823 x86_64/squid-2.5.STABLE5-4.fc2.x86_64.rpm
fcb5484591641424a956b23c97614963 x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.x86_64.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.