Due to the package compromise of SquirrelMail 1.4.11, and 1.4.12, we are forced to release 1.4.13. Tests showed that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim’s server. This could grant the attacker the ability to deploy further code on the victim’s server. New patched version is available for download at squirrelmail.org

Apple has shipped new update for Java runtime to patch about 18 vulnerabilities that expose Mac OS X users to remote code execution attacks. The Java Release 6 for Mac OS X 10.4 patches multiple critical holes in Java, Java 1.4 and J2SE 5.0, and includes a well-known issue that was left unpatched by Apple for more than a year.