Dear all, At this page http://www.eudora.com/qpopper/#CURRENT . I read the things as quoted below. As Suse is still using 2.53 i would like to ask if they can please upgrade it to 3.02? Regards, Joop Boonen. Security Vulnerability Some versions of Qpopper are vulnerable to buffer overruns. Qpopper 2.41 and older can be used to obtain root access to your system. Qpopper 2.53 and older may permit an attacker who has access to a valid account to obtain a shell with group-id 'mail', potentially allowing read/write access to all mail. All users of Qpopper are urged to upgrade to the current version. Qpopper on Linux Linux users should not use versions of Qpopper older than 3.0.
On Wed, 7 Jun 2000 jboonen@worldonline.nl wrote:
Dear all,
At this page http://www.eudora.com/qpopper/#CURRENT . I read the things as quoted below. As Suse is still using 2.53 i would like to ask if they can please upgrade it to 3.02?
We have developed a fix. the RPMs will be available ASAP.
Regards,
Joop Boonen.
Security Vulnerability
Some versions of Qpopper are vulnerable to buffer overruns. Qpopper 2.41 and older can be used to obtain root access to your system. Qpopper 2.53 and older may permit an attacker who has access to a valid account to obtain a shell with group-id 'mail', potentially allowing read/write access to all mail.
All users of Qpopper are urged to upgrade to the current version.
Qpopper on Linux
Linux users should not use versions of Qpopper older than 3.0.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
participants (2)
-
jboonen@worldonline.nl
-
Thomas Biege