A security hole that allows arbitrary code execution has recently been discovered in the Snoopy web client library, which is bundled with Gregarius.
Only Gregarius installations that are publicly accessible on the Internet and whose administration area is not password-protected are affected. To avoid unnecessary risk, Gregarius 0.5.2 has been re-released with a fix for this security hole. You are strongly encouraged to upgrade your installation.
You should do one of the following:
Download the updated release from sourceforge.net: make sure you download either rss-0.5.2a.tar.gz or rss-0.5.2a.zip, or:
Replace the rss/extlib/Snoopy.inc.php file with the fixed version, or:
Upgrade your installation using a nightly build.
We apologize for the inconvenience :)
This entry was posted on Tuesday, November 1st, 2005 at 8:01 pm and is filed under releases, bugs, gregarius.