From: Jon Angliss (jon netdork.net)
Date: Fri Dec 14 2007 - 11:22:45 CST
All,
Due to the package compromise of 1.4.11 and 1.4.12, we are forced to
release 1.4.13 to ensure no confusion. While initial review didn't
uncover a need for concern, several proofs of concept show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11 and 1.4.12 to upgrade
immediately.
Package MD5s
============
1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2
51ddd67a7ff9272f5a6e1da0b9dfbf18 squirrelmail-1.4.13.tar.gz
ed8871a693cc57d5a0d511f7b89f8781 squirrelmail-1.4.13.zip
We apologize for the inconvenience this may have caused.
--
Happy SquirrelMailing!
The SquirrelMail Development Team
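
Added example (not part of the original announcement and not SquirrelMail project code): one way to check downloaded 1.4.13 archives against the MD5 list published above. The function names and the idea of passing a download directory are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import Path

# Checksum list copied from the announcement above.
ANNOUNCED_MD5S = """\
1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2
51ddd67a7ff9272f5a6e1da0b9dfbf18 squirrelmail-1.4.13.tar.gz
ed8871a693cc57d5a0d511f7b89f8781 squirrelmail-1.4.13.zip
"""
_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+)$")


def parse_manifest(text):
    """Return {filename: md5hex}; reject any line that is not 'hash name'."""
    manifest = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = _LINE.match(raw.strip())
        if not m:
            raise ValueError(f"unparseable checksum line: {raw!r}")
        digest, name = m.group(1).lower(), m.group(2)
        if Path(name).name != name:  # entries must be bare file names
            raise ValueError(f"path components not allowed: {name!r}")
        manifest[name] = digest
    return manifest


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large archives are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(directory, manifest_text=ANNOUNCED_MD5S):
    """Map each announced file to 'OK', 'MISMATCH' or 'MISSING'."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "OK" if md5_of(path) == expected else "MISMATCH"
    return results
```

Call verify_downloads() with the directory holding the downloaded archives; any MISMATCH means the file is not the release described in this announcement and should not be installed.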