1.192. squirrelmail
1.192.1. RHSA-2009:1490: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1490
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
SquirrelMail is a standards-based webmail package written in PHP.
Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission. (CVE-2009-2964)
Users of SquirrelMail should upgrade to this updated package, which contains a backported patch to correct these issues.