|
Family: Ubuntu Local Security Checks --> Category: infos
USN201-1 : courier vulnerabilities Vulnerability Scan
Vulnerability Scan Summary courier vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- courier-authdaemon
- courier-authmysql
- courier-authpostgresql
- courier-base
- courier-doc
- courier-faxmail
- courier-imap
- courier-imap-ssl
- courier-ldap
- courier-maildrop
- courier-mlm
- courier-mta
- courier-mta-ssl
- courier-pcp
- courier-pop
- courier-pop-ssl
- courier-ssl
- courier-webadmin
- sqwebmail
Description :
Several Cross Site Scripting vulnerabilities were discovered in
SqWebmail. A remote attacker could exploit this to execute arbitrary
JavaScript or other active HTML embeddable content in the web browser
of an SqWebmail user by sending specially crafted emails to him.
Please note that the "sqwebmail" package is not officially supported
by Ubuntu (it is in the "universe" section of the archive).
Solution :
Upgrade to :
- courier-authdaemon-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-authmysql-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-authpostgresql-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-base-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-doc-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-faxmail-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-imap-3.0.8-3ubuntu1.3 (Ubuntu 5.04)
- courier-imap-ssl-3.0.8-3ubuntu1.3 (Ubuntu 5.04)
- courier-ldap-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-maildrop-0.47-3ubuntu1.3 (Ubuntu 5.04)
- courier-mlm-
[...]
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|