Gentoo Security Advisory GLSA 200409-01 (vpopmail)

Summary
The remote host is missing updates announced in advisory GLSA 200409-01.
Solution
All vpopmail users should upgrade to the latest version: # emerge sync # emerge -pv '>=net-mail/vpopmail-5.4.6' # emerge '>=net-mail/vpopmail-5.4.6' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-01 http://bugs.gentoo.org/show_bug.cgi?id=60844 http://sourceforge.net/forum/forum.php?forum_id=400873 http://www.securityfocus.com/archive/1/371913/2004-08-15/2004-08-21/0
Insight
vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.