Advisories » MGASA-2017-0121

Updated squirrelmail packages fix security vulnerability

Publication date: 01 May 2017
Modification date: 01 May 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-7692

Description

SquirrelMail version 1.4.22 (and probably prior versions) is vulnerable to
remote code execution because it fails to sanitize a string before passing
it to a popen call. This vulnerability can be exploited to execute arbitrary
shell commands on the remote server (CVE-2017-7692).
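
The bug class described above, unsanitized input reaching popen, shown next to two hardened forms. This is an added example, not SquirrelMail's code or the Mageia patch; the mailer path, the function names and the sender-address scenario are assumptions made for illustration.

```php
<?php
// Added illustration of the bug class, not SquirrelMail's code.
// MAILER is a hypothetical path; $sender stands for any user-controlled string.
const MAILER = '/usr/sbin/example-mailer';

// Vulnerable pattern: popen() hands the whole line to a shell, so whitespace
// and metacharacters inside $sender are parsed as command syntax.
function open_mailer_unsafe(string $sender)
{
    return popen(MAILER . ' -f ' . $sender, 'w');
}

// Allowlist check: letters, digits and a few punctuation marks only. Rejects
// whitespace, control and shell characters, and a leading "-" (option lookalike).
function is_safe_sender(string $sender): bool
{
    return strlen($sender) <= 254
        && preg_match('/\A[A-Za-z0-9._+][A-Za-z0-9._+-]*@[A-Za-z0-9][A-Za-z0-9.-]*\z/', $sender) === 1;
}

// Hardened form 1: validate first, then quote the value as a single shell word.
function open_mailer_quoted(string $sender)
{
    if (!is_safe_sender($sender)) {
        throw new InvalidArgumentException('sender rejected');
    }
    return popen(MAILER . ' -f ' . escapeshellarg($sender), 'w');
}

// Hardened form 2 (PHP >= 7.4): an argv array makes proc_open() start the
// program directly, so no shell ever parses the value.
function open_mailer_noshell(string $sender, &$pipes)
{
    if (!is_safe_sender($sender)) {
        throw new InvalidArgumentException('sender rejected');
    }
    return proc_open([MAILER, '-f', $sender], [0 => ['pipe', 'r']], $pipes);
}

// Constructed sample inputs; only the validator runs here, nothing is spawned.
$samples = ['user@example.org', 'a b@example.org', "a\tb@example.org",
            '-x@example.org', 'u@example.org;x'];
foreach ($samples as $s) {
    printf("%-22s %s\n", json_encode($s), is_safe_sender($s) ? 'accept' : 'reject');
}
```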
                

References

SRPMS

5/core