Roundcube vulnerability

8 posts / 0 new
Last post
#1 Thu, 01/01/2009 - 05:56
pixel_paul
pixel_paul's picture

Roundcube vulnerability

Happy New Year :)

http://www.directadmin.com/forum/showthread.php?p=146742#post146742

My server appears to have been hit by this.....

Thu, 01/01/2009 - 12:16
andreychek

Howdy,

Can you pop that into the Bug Tracker? I suspect Jamie may want to know so he can expedite an updated copy of that.

Thanks!
-Eric

Fri, 01/09/2009 - 09:54 (Reply to #2)
Transmobius

The script fails because the SQL init/upgrade files have been renamed.

Is it enough to just restrict access to Roundcube with .htaccess?

Thu, 01/01/2009 - 13:10
pixel_paul
pixel_paul's picture

I've added this to the bug tracker, but its screwed up the formatting as I posted a link....

Cheers,

Paul

Thu, 01/01/2009 - 13:24
pixel_paul
pixel_paul's picture

For those updating to version 0.2 - save yourself sometime and make sure that you have PHP 5.2 installed, as this is now the minimum PHP version to use it.

Cheers,

Paul

Fri, 01/09/2009 - 08:27
Transmobius

Is there an updated install (upgrade) script coming?

Fri, 01/09/2009 - 08:32 (Reply to #6)
andreychek

Yup!

There's some details here:

http://www.virtualmin.com/index.php?option=com_fireboard&Itemid=77&a...

But, the new RoundCube will be available in the next Virtualmin version.

To upgrade sooner, you can go into the "Upgrade to Un-Supported version" section of the Install Scripts, and enter "0.2-stable" for the RoundCube version to use.
-Eric

Thu, 01/15/2009 - 00:49
pixel_paul
pixel_paul's picture

Jamie has provided an amended script available here:

[url]http://www.virtualmin.com/index.php?option=com_flyspray&Itemid=99999...

Topic locked