Re: [spamdyke-users] Still using 4.3.1
Thanks Sam. That's put my mind at ease. To my knowledge, there are no security issues in version 4.3.1. I've since fixed several bugs that can cause crashes, but nothing I can imagine could be a security risk. There have been recent bugs in OpenSSL and glibc; those libraries should definitely be upgraded anyway. spamdyke loads the libraries dynamically, which means they aren't included in the spamdyke binary, so just upgrading them should be enough -- the next time spamdyke starts (when the next remote server connects) it'll load the new version(s). If it's any consolation, spamdyke isn't vulnerable to the recent glibc "GHOST" bug -- the last version to use the vulnerable gethostbyname() function was 3.0.1, back in 2007. -- Sam Clippinger ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Still using 4.3.1
To my knowledge, there are no security issues in version 4.3.1. I've since fixed several bugs that can cause crashes, but nothing I can imagine could be a security risk. There have been recent bugs in OpenSSL and glibc; those libraries should definitely be upgraded anyway. spamdyke loads the libraries dynamically, which means they aren't included in the spamdyke binary, so just upgrading them should be enough -- the next time spamdyke starts (when the next remote server connects) it'll load the new version(s). If it's any consolation, spamdyke isn't vulnerable to the recent glibc "GHOST" bug -- the last version to use the vulnerable gethostbyname() function was 3.0.1, back in 2007. -- Sam Clippinger On Feb 2, 2015, at 3:40 PM, Faris Raouf via spamdyke-users wrote: > Dear all, > > Forgive me for asking this question – I’m not a coder. > > I’ve noticed that a few systems I look after use Spamdyke 4.3.1, compiled > back in 2012 or 2013. > > Are there any security issues with this version? > > Would any of the various vulnerabilities found in certain ancillary linux > packages over the past few years have any impact (i.e. I’m wondering if I > should recompile). > > > > > ___ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Still using 4.3.1
Dear all, Forgive me for asking this question - I'm not a coder. I've noticed that a few systems I look after use Spamdyke 4.3.1, compiled back in 2012 or 2013. Are there any security issues with this version? Would any of the various vulnerabilities found in certain ancillary linux packages over the past few years have any impact (i.e. I'm wondering if I should recompile). ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users