Updated squirrelmail packages fix security vulnerability
Publication date: 01 May 2017
Modification date: 01 May 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-7692
Description
SquirrelMail version 1.4.22 (and probably prior versions) contains a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server (CVE-2017-7692).
References
SRPMS
5/core
- squirrelmail-1.4.22-12.2.mga5