In association with heise online

« previous | next »
13 May 2009, 12:31

Security Update for SquirrelMail

The SquirrelMail developers have announced the release of version 1.4.18 of their open source standards based webmail package. The update fixes multiple security problems, including several cross-site scripting (XSS) vulnerabilities and a session fixation issue, which could be used to steal user log-in credentials.

A "dangerous" server-side code execution vulnerability has also been patched, however, the developers do not provide any other details. The release also includes three new languages and enhancements to the filter plug-ins and address book system.

Version 1.4.18 is available to download and all users are advised to update. SquirrelMail is released under the GNU General Public License (GPL).

See also:

  • Security, an overview of known SquirrelMail security issues.

(crve)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-741545

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung Galaxy S2 i9100 16GB schwarz
  2. Crucial m4 SSD 128GB
  3. Intel Core i5-2500K
  4. TeamGroup Elite DIMM Kit 8GB PC3-10667U CL9-9-9-24 (DDR3-1333)
  5. Intel Core i7-2600K
  6. ASUS EAH6870 DC/2DI2S/1GD5
  7. ASRock Z68 Pro3
  8. Samsung Galaxy S Plus i9001 schwarz 8GB
  9. Samsung EcoGreen F4 2000GB
  10. Samsung Galaxy S i9000 schwarz 8GB

The H

The H open source

The H Security

The H Internet Toolkit