[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] RaQ3/RaQ4 Qpopper-4.0.5fc2 PKG released
- Subject: RE: [cobalt-security] RaQ3/RaQ4 Qpopper-4.0.5fc2 PKG released
- From: "Goade, Matthew" <mgoade@xxxxxxxxxxxxxxx>
- Date: Thu, 13 Mar 2003 08:33:00 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Michael,
Great pkg! No wonder it takes Sun so long, they just rely on the open community to take care of each other.
Thanks!
-----Original Message-----
From: Michael Stauber [mailto:cobalt@xxxxxxxxxxxxxx]
Sent: Wednesday, March 12, 2003 6:50 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] RaQ3/RaQ4 Qpopper-4.0.5fc2 PKG released
Hi all,
To fix the recently discovered vulnerability in Qpopper-4.0.4 I created a PKG
for the RaQ3 and RaQ4 which is based on the 4.0.5fc2 sources of Qpopper.
Who should upgrade? Basically everyone who installed the Solarspeed
Qpopper-4.0.4 for the RaQ3 and RaQ4.
A stock Cobalt RaQ3 or RaQ4 is not vulnerable to this issue - unless you
installed the free Qpopper-4.0.4 upgrade or compiled Qpopper-4.0.4 yourself
from the sources.
The new PKG can be downloaded here:
http://www.solarspeed.net/downloads/index.php
As this is an often asked question in regards to Qpopper, here are the
configure options I used when compiling the sources:
./configure --prefix=/usr \
--enable-apop=/etc/pop.auth \
--with-popuid=pop \
--enable-specialauth \
--enable-servermode \
--enable-uw-kludge \
--enable-log-login
Before someone asks the next obvious question:
The option ...
--with-pam=qpop
... was NOT used for performance reasons. So this package doesn't use PAM
authentication because POP based authentication against PAM uses a tremendous
amount of ressources without any actual gains. So especially on heavy duty
POP3 servers this package will create less load than the previos
Qpopper-4.0.4 or the stock Sun Cobalt Qpopper-3.0.2.
--
With best regards,
Michael Stauber
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security