Updated SquirrelMail packages are now available for Red Hat Linux.
SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities have been found which affect versions of SquirrelMail shipped with Red Hat Linux 8.0 and Red Hat Linux 9. Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and earlier allow remote attackers to execute script as other Web users via mailbox displays, message displays, or search results displays. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0160 to these issues. All users are advised to upgrade to these errata packages containing SquirrelMail version 1.2.11, which is not vulnerable to these issues.