Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation
Reload this Page Warning - SquirrelMail security issue!
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th December 2007, 21:54
wpwood3 wpwood3 is offline
Senior Member
  
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 30 Times in 20 Posts
Exclamation Warning - SquirrelMail security issue!
The SquirrelMail team announced on Dec 14, 2007 that there was a package compromise of versions 1.4.11 and 1.4.12. Hackers gained access to the package repository and made modifications to the release packages.

If you are running one of these versions you should upgrade to 1.4.13 immediately.

More info on the SquirrelMail website:
http://www.squirrelmail.org/
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography
Reply With Quote
Sponsored Links
  #2  
Old 19th December 2007, 23:18
chipsafts chipsafts is offline
Senior Member
  
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
Question
We are running SquirrelMail 1.4.6-3 on a RH9 server and none of our yum's have a later version.
How can we update the SquirrelMail to 1.4.13 or are we better off not trying?
Reply With Quote
  #3  
Old 19th December 2007, 23:30
wpwood3 wpwood3 is offline
Senior Member
  
Join Date: Oct 2007
Location: Atlanta, GA USA
Posts: 197
Thanks: 21
Thanked 30 Times in 20 Posts
Default
Only versions 1.4.11 and 1.4.12 have the security so you can stick with 1.4.6 if you want to.

Upgrading SquirrelMail is not a big deal. I just upgraded my 1.4.11 by simply downloading version 1.4.13 from the SquirrelMail website and overwriting the old files with the new ones.
__________________
CentOS 5.4 64bit (the Perfect Setup)
ISPConfig 2.2.40
WP3 Photography
Reply With Quote
  #4  
Old 20th December 2007, 01:16
chipsafts chipsafts is offline
Senior Member
  
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
 
Default
huh? overwriting which old file with new ones?

Interesting and a bit disconcerning that RPMFind's latest version for any system is 1.4.10a-17.4 , which makes me wonder if there are not oodles of configuration or usability problems with the latest versions.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix delivery problem erebus Installation/Configuration 6 28th October 2007 16:20
Installation Troubles bswinnerton Installation/Configuration 4 29th July 2007 16:56
postfix problems with smtp linkdeb Server Operation 9 24th October 2006 17:12
Howto suggestion suse PhP ver 4 + Ver 5 wwparrish Suggest HOWTO 11 7th August 2006 13:29
Installation Big issue OpenVZ VPS jbond007 Installation/Configuration 3 7th March 2006 19:40


All times are GMT +2. The time now is 23:48.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.