Ensim Pro for Linux 4.1.0 Hotfix 37 Release notes Introduction ------------ This hotfix is to resolve the issue of Cross site scripting via a shortcoming in the magicHTML filter. This has been addressed in squirrelmail 1.4.9 and upper version. Hotfix information ------------------ Hotfix date: 09-Jan-2007 Applies to: Ensim Pro for Linux - 4.1.0 - FC1/FC2/RHEL3ES/RHEL4ES Hotfix file information ----------------------- This hotfix contains the following files: FC1: virtualhosting-fst-sqmail-4.1.0-14.fc.1.i386.rpm Md5 Sum: 497fcdf396bc6a10be73cee2deb911cb FC2: virtualhosting-fst-sqmail-4.1.0-14.fc.2.i386.rpm Md5 Sum: 11b9fec20c79dd60c690101881702a2e RHEL3ES: virtualhosting-fst-sqmail-4.1.0-14.rhel.3ES.i386.rpm Md5 Sum: ccfc3675c982bf4ad348eb3f81a24db2 RHEL4ES: virtualhosting-fst-sqmail-4.1.0-14.rhel.4ES.i386.rpm Md5 Sum: fc96d5879e755b2410457bdfb7e03434 Resolved Issues --------------- This hotfix resolves the following issue. The numbers in parentheses indicate the Ensim problem report (PR) number Issue: Security: squirrelmail has cross site scripting vulnerability (upgrade to 1.4.9a) Resolution: The hotfix will upgrade the Squirrelmail version to 1.4.9a. Prerequisites: None Time requirements and customer impact: None Installing the hotfix --------------------- This section explains how to install the hotfix. Pre-installation instructions: None Installation instructions: Download the following RPM. For FC1: rpm -Uvh virtualhosting-fst-sqmail-4.1.0-14.fc.1.i386.rpm For FC2: rpm -Uvh virtualhosting-fst-sqmail-4.1.0-14.fc.2.i386.rpm For RHEL3ES: rpm -Uvh virtualhosting-fst-sqmail-4.1.0-14.rhel.3ES.i386.rpm For RHEL4ES: rpm -Uvh virtualhosting-fst-sqmail-4.1.0-14.rhel.4ES.i386.rpm Post-installation instructions: 1. set_pre_maintenance;set_maintenance;set_post_maintenance 2. service webppliance restart -------------------------------------------------------------------------------- Ensim Corporation 1366 Borregas Avenue Sunnyvale, California 94089