
Wednesday, December 20, 2006

Mandrake Security Advisory MDKSA-2006:226 (squirrelmail)

Test ID: 57705
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2006:226 (squirrelmail)
Summary: Mandrake Security Advisory MDKSA-2006:226 (squirrelmail)
Description:
The remote host is missing an update to squirrelmail
announced via advisory MDKSA-2006:226.

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
script or HTML via the (1) mailto parameter in (a) webmail.php, the (2)
session and (3) delete_draft parameters in (b) compose.php, and (4)
unspecified vectors involving a shortcoming in the magicHTML filter.

Updated packages are patched to address these issues.

Affected: Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:226

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6142
