From: Marc P. <ma...@en...> - 2006-03-09 17:32:31
|
> -----Original Message----- > From: squ...@li... [mailto:squirrelmail- > use...@li...] On Behalf Of Steven Garner > Sent: Thursday, March 09, 2006 11:22 AM > To: squ...@li... > Subject: [SM-USERS] Mac OS X Security Update >=20 > I just ran a Mac OS X Security Update for Mac OS X 10.3.9 on two boxes > running SquirrelMail, and both of them are now 'broken'. I can login to > SquirrelMail fine, and do anything but read a message. If I try to read a > message, I get a fatal 30 second timeout message. >=20 > The update was Security Update 2006-001: >=20 > http://docs.info.apple.com/article.html?artnum=3D303382 >=20 > Which includes amongst other things: >=20 > ---------------------------------------------- > apache_mod_php >=20 > CVE-ID: CVE-2005-3319, CVE-2005-3353, CVE-2005-3391, CVE-2005-3392 >=20 > Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X > v10.4.5, Mac OS X Server v10.4.5 >=20 > Impact: Multiple security issues in PHP 4.4 >=20 > Description: PHP 4.4.1 fixes several security issues in the Apache > module and scripting environment. Details of the fixes are available via > the PHP web site (www.php.net). PHP ships with Mac OS X but is disabled by > default. > ---------------------------------------------- >=20 > Any thoughts? Search the archives or visit the SM homepage. This is probably old news -- SquirrelMail and PHP 4.4.1 issues Nov 07, 2005 by Tomas Kuliavas PHP developers released PHP 4.4.1 version on 2005-10-31. Security fixes introduced bug, which affects three SquirrelMail functions. If your SquirrelMail install does not use server side sorting, PHP bug can create infinite loop in message display. If you are using PHP 4.4.1, you should update it to 4.4.x-dev or apply patch. Links are provided in the news item or enable server side sorting if your IMAP server supports it. -- Marc |