Ubuntu Security Notice USN-201-1
11th October, 2005
courier vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
Several Cross Site Scripting vulnerabilities were discovered in
SqWebmail. A remote attacker could exploit this to execute arbitrary
JavaScript or other active HTML embeddable content in the web browser
of an SqWebmail user by sending specially crafted emails to him.
Please note that the "sqwebmail" package is not officially supported
by Ubuntu (it is in the "universe" section of the archive).
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- sqwebmail
- Ubuntu 4.10:
- sqwebmail
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None