Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th December 2007, 21:54
wpwood3 wpwood3 is offline
Senior Member
 
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 31 Times in 21 Posts
Exclamation Warning - SquirrelMail security issue!

The SquirrelMail team announced on Dec 14, 2007 that there was a package compromise of versions 1.4.11 and 1.4.12. Hackers gained access to the package repository and made modifications to the release packages.

If you are running one of these versions you should upgrade to 1.4.13 immediately.

More info on the SquirrelMail website:
http://www.squirrelmail.org/
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography
Reply With Quote
Sponsored Links
  #2  
Old 19th December 2007, 23:18
chipsafts chipsafts is offline
Senior Member
 
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
Question

We are running SquirrelMail 1.4.6-3 on a RH9 server and none of our yum's have a later version.
How can we update the SquirrelMail to 1.4.13 or are we better off not trying?
Reply With Quote
  #3  
Old 19th December 2007, 23:30
wpwood3 wpwood3 is offline
Senior Member
 
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 31 Times in 21 Posts
Default

Only versions 1.4.11 and 1.4.12 have the security so you can stick with 1.4.6 if you want to.

Upgrading SquirrelMail is not a big deal. I just upgraded my 1.4.11 by simply downloading version 1.4.13 from the SquirrelMail website and overwriting the old files with the new ones.
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography
Reply With Quote
  #4  
Old 20th December 2007, 01:16
chipsafts chipsafts is offline
Senior Member
 
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
Default

huh? overwriting which old file with new ones?

Interesting and a bit disconcerning that RPMFind's latest version for any system is 1.4.10a-17.4 , which makes me wonder if there are not oodles of configuration or usability problems with the latest versions.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix delivery problem erebus Installation/Configuration 8 29th July 2014 20:17
postfix problems with smtp linkdeb Server Operation 13 15th March 2014 17:58
Installation Troubles bswinnerton Installation/Configuration 4 29th July 2007 16:56
Howto suggestion suse PhP ver 4 + Ver 5 wwparrish Suggest HOWTO 11 7th August 2006 13:29
Installation Big issue OpenVZ VPS jbond007 Installation/Configuration 3 7th March 2006 19:40


All times are GMT +2. The time now is 20:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.