Parallels

Product : Ensim Pro for Linux
Version : 4.1.0 (Fedora Core 1, Fedora Core 2, Red Hat Enterprise Linux 3ES, Red Hat Enterprise Linux 4ES)
Date :  09-January-2007
Description :

http://squirrelmail.org/security/issue/2006-12-02
Cross site scripting vulnerability via malicious input to the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php. This has been addressed in 1.4.9a.
Cross site scripting vulnerability via a shortcoming in the magicHTML filter. This has been addressed in 1.4.9 and improved in 1.4.9a.
Affected Versions: 1.4.0 - 1.4.9 Register Globals: Register_globals does not have to be on for this issue.
This hotfix resolves the issue on Ensim Pro for Linux v4.1.0 for the following operating systems :
Fedora Core 1 (FC1)
Fedora Core 2 (FC2)
RHEL3ES
RHEL4ES       
              
Download :

For fc1:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/fc1/virtualhosting-fst-sqmail-4.1.0-14.fc.1.i386.rpm
md5sum: 497fcdf396bc6a10be73cee2deb911cb

For fc2:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/fc2/virtualhosting-fst-sqmail-4.1.0-14.fc.2.i386.rpm
md5sum: 11b9fec20c79dd60c690101881702a2e

For RHEL3:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/rhel3/virtualhosting-fst-sqmail-4.1.0-14.rhel.3ES.i386.rpm
md5sum: ccfc3675c982bf4ad348eb3f81a24db2

For RHEL4:
http://download.swsoft.com/ensim/download/pro/linux/4.1.0/hotfix/squirrelmail1.4.9a/rhel4/virtualhosting-fst-sqmail-4.1.0-14.rhel.4ES.i386.rpm
md5sum: fc96d5879e755b2410457bdfb7e03434

Installation Procedure:
The following instructions need to be executed by the end customer in order to apply this fix:

1. rpm -Uvh virtualhosting-fst-sqmail-4.1.0-14.*.rpm
2. set_pre_maintenance && set_maintenance && set_post_maintenance
3. service webppliance restart