Warning - SquirrelMail security issue!

Discussion in 'Server Operation' started by wpwood3, Dec 19, 2007.

  1. wpwood3

    wpwood3 New Member

    The SquirrelMail team announced on Dec 14, 2007 that there was a package compromise of versions 1.4.11 and 1.4.12. Hackers gained access to the package repository and made modifications to the release packages.

    If you are running one of these versions you should upgrade to 1.4.13 immediately.

    More info on the SquirrelMail website:
  2. chipsafts

    chipsafts New Member

    We are running SquirrelMail 1.4.6-3 on a RH9 server and none of our yum's have a later version.
    How can we update the SquirrelMail to 1.4.13 or are we better off not trying?
  3. wpwood3

    wpwood3 New Member

    Only versions 1.4.11 and 1.4.12 have the security so you can stick with 1.4.6 if you want to.

    Upgrading SquirrelMail is not a big deal. I just upgraded my 1.4.11 by simply downloading version 1.4.13 from the SquirrelMail website and overwriting the old files with the new ones.
  4. chipsafts

    chipsafts New Member

    huh? overwriting which old file with new ones?

    Interesting and a bit disconcerning that RPMFind's latest version for any system is 1.4.10a-17.4 , which makes me wonder if there are not oodles of configuration or usability problems with the latest versions.

Share This Page