[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] RaQ3/RaQ4 Qpopper-4.0.5fc2 PKG released

>
>Hi all,
>
>To fix the recently discovered vulnerability in Qpopper-4.0.4 
>I created a PKG 
>for the RaQ3 and RaQ4 which is based on the 4.0.5fc2 sources 
>of Qpopper.
>
>Who should upgrade? Basically everyone who installed the Solarspeed 
>Qpopper-4.0.4 for the RaQ3 and RaQ4. 
>
>A stock Cobalt RaQ3 or RaQ4 is not vulnerable to this issue - 
>unless you 
>installed the free Qpopper-4.0.4 upgrade or compiled 
>Qpopper-4.0.4 yourself 
>from the sources.
>
>The new PKG can be downloaded here:
>
>http://www.solarspeed.net/downloads/index.php
>
>As this is an often asked question in regards to Qpopper, here are the 
>configure options I used when compiling the sources:
>
>./configure --prefix=/usr               \
>            --enable-apop=/etc/pop.auth \
>            --with-popuid=pop           \
>            --enable-specialauth        \
>            --enable-servermode         \
>            --enable-uw-kludge          \
>            --enable-log-login
>
>Before someone asks the next obvious question:
>
>The option ...
>
>	--with-pam=qpop
>
>... was NOT used for performance reasons. So this package 
>doesn't use PAM 
>authentication because POP based authentication against PAM 
>uses a tremendous 
>amount of ressources without any actual gains. So especially 
>on heavy duty 
>POP3 servers this package will create less load than the previos 
>Qpopper-4.0.4 or the stock Sun Cobalt Qpopper-3.0.2.
>
>-- 
>
>With best regards,
>
>Michael Stauber
>

I have CobaltWorld Qpopper Update Release 3.0.2-C6 installed on 2
RaQ4r's. Can I install your pkg to replace this?

Richard



--
This message has been scanned for viruses and dangerous content by the Help Internet Virus Spam Defence, and is
believed to be clean. For details on having your email scanned email support@xxxxxxxxxxxxxxxxxx