Security Update for SquirrelMail
The SquirrelMail developers have announced the release of version 1.4.18 of their open source standards based webmail package. The update fixes multiple security problems, including several cross-site scripting (XSS) vulnerabilities and a session fixation issue, which could be used to steal user log-in credentials.
A "dangerous" server-side code execution vulnerability has also been patched, however, the developers do not provide any other details. The release also includes three new languages and enhancements to the filter plug-ins and address book system.
Version 1.4.18 is available to download and all users are advised to update. SquirrelMail is released under the GNU General Public License (GPL).
See also:
- Security, an overview of known SquirrelMail security issues.
(crve)