In association with heise online

17 December 2007, 10:30

SquirrelMail 1.4.13 security release

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

After a more thorough investigation, the developers of the SquirrelMail web mail system have categorized the manipulations to the installation archives of versions 1.4.12 and 1.4.11 that were recently made public as far more dangerous than initially believed. It turns out that attackers could use the modifications to include arbitrary script code and have it executed by the server.

The initial analysis wrongly concluded that the changes would not be critical. The SquirrelMail developers released version 1.4.13 to prevent any further confusions over original and manipulated installation archives circulating on the internet. They advise all SquirrelMail admins running versions 1.4.12 or 1.4.11 to upgrade to the new version as soon as possible.

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735667
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit