Mailinglist Archive: opensuse-updates (86 mails)

< Previous Next >
openSUSE-SU-2014:0715-1: moderate: PostfixAdmin: update to 2.3.7
openSUSE Security Update: PostfixAdmin: update to 2.3.7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0715-1
Rating: moderate
References: #870434
Cross-References: CVE-2014-2655
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Update PostfixAdmin to 2.3.7:
- fix a SQL injection in list-virtual.php (CVE-2014-2655, bnc#870434)
- add support for new longer TLDs like .international
- fix various small bugs
- translation updates for lt and da
- vacation.pl: disable use of TLS by default due to a bug in Mail::Sender
0.8.22 (you can re-enable it with $smtp_tls_allowed)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-393

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-393

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (noarch):

postfixadmin-2.3.7-5.4.1

- openSUSE 12.3 (noarch):

postfixadmin-2.3.7-2.4.1


References:

http://support.novell.com/security/cve/CVE-2014-2655.html
https://bugzilla.novell.com/870434


< Previous Next >
This Thread
  • No further messages