USN-201-1: SqWebmail vulnerabilities

12 October 2005

courier vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him.

Please note that the “sqwebmail” package is not officially supported by Ubuntu (it is in the “universe” section of the archive).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
sqwebmail
Ubuntu 4.10
sqwebmail

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References