Advisories » MGASA-2018-0188

Updated squirrelmail packages fix CVE-2018-8741

Publication date: 30 Mar 2018
Modification date: 30 Mar 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-8741

Description

Updated squirrelmail packages fix security vulnerabilities:
Filenames of attachment files are not sanitized, so attackers could read 
arbitrary files. (CVE-2018-8741)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22793
• http://openwall.com/lists/oss-security/2018/03/17/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8741

SRPMS

6/core

• squirrelmail-1.4.22-15.1.mga6

5/core

• squirrelmail-1.4.22-12.3.mga5