Debian-Sicherheitsankündigung

DSA-533-1 courier -- Cross-Site-Scripting

Datum des Berichts:

22. Jul 2004

Betroffene Pakete:

courier

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 10588.
In Mitres CVE-Verzeichnis: CVE-2004-0591.

Weitere Informationen:

Eine Cross-Site-Scripting-Verwundbarkeit wurde in sqwebmail entdeckt, einer Webmail-Applikation, die von der courier-Mailsuite zur Verfügung gestellt wird. Dadurch kann ein Angreifer ein Webskript innerhalb des Sicherheitskontexts der sqwebmail-Applikation ausführen lassen, indem er dieses über eine E-Mail-Nachricht einschleust.

Für die aktuelle Stable-Distribution (Woody) wurde dieses Problem in Version 0.37.3-2.5 behoben.

Für die Unstable-Distribution (Sid) wurde dieses Problem in Version 0.45.4-4 behoben.

Wir empfehlen Ihnen, Ihr courier-Paket zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.0 (woody)

Quellcode:: http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.dsc; http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.diff.gz; http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.5_all.deb
ARM:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_arm.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_i386.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_ia64.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_hppa.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_m68k.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_mips.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_mipsel.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_powerpc.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_s390.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_sparc.deb; http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.