Product : Squirrelmail
Version : Squirrelmail v1.4.6
Topic :     Upgrade Fix

Details
Ensim announces the release of latest version of Squirrelmail which is v1.4.6.
Squirrelmail v1.4.6 has the following security fixes:

• Prohibit IMAP injection attempts
• Fix possible cross site scripting through the right main parameter of webmail.php. This now uses a whitelist of acceptable values.
• MagicHTML fix for comments in styles and parsing of url which allowed for cross site scripting when using Internet Explorer

This hotfix solves the problem on EPL 4.1.0 for the operating systems :

• Fedora Core 1 (FC1)
• Fedora Core 2 (FC2)
• Red Hat Enterprise Linux 3 (RHEL 3ES)
• Red Hat Enterprise Linux 4 (RHEL 4ES)

Upgradation Information:
Squirrelmail is upgraded to the latest version 1.4.6
Users can now upgrade from 1.4.5 to 1.4.6

Download:

1. Fedora Core 1
­ftp://ftp.ensim.com/download/pro/linux/4.1.0/hotfix/squirrelmail/virtualhosting-fst-sqmail-4.1.0-13.fc.1.i386.rpm
md5sum: 43453b07599aeda9b2d79cdafccb506c
2. Fedora Core 2
­ftp://ftp.ensim.com/download/pro/linux/4.1.0/hotfix/squirrelmail/virtualhosting-fst-sqmail-4.1.0-13.fc.2.i386.rpm
md5sum: 1caa1c05e4fb6cf10e12cc4fe5b27e9a
3. RedHat Enterprise Linux ES 3
ftp://ftp.ensim.com/download/pro/linux/4.1.0/hotfix/squirrelmail/virtualhosting-fst-sqmail-4.1.0-13.rhel.3ES.i386.rpm
md5sum: e434e372a3d6b3663f6abbc8d8b1b847
4. RedHat Enterprise Linux ES 4
ftp://ftp.ensim.com/download/pro/linux/4.1.0/hotfix/squirrelmail/virtualhosting-fst-sqmail-4.1.0-13.rhel.4ES.i386.rpm
md5sum: dff3be48a443e7c2861d67e619f8d5ff

Installation Instruction:

Download the rpm and install using following command.
rpm ­Uvh virtualhostingfstsqmail4.1.0-13.*.i386.rpm

Put the server in maintenance mode:
set_pre_maintenance
set_maintenance
set_post_maintenance
exit_post_maintenance

Restart webppliance
service webppliance restart

This script will upgrade all sites with squirrelmail v1.4.6 and all new sites created on server will have

updated squirrelmail.