Geetings to the community
An important security issue was brought recently to our attention by Core Advisories Team, which will also issue a public warning next week.
Using a specially crafted url a malicious user can acquire web server privileges on systems running efront. A patch is already available, all 3.5.x users are strongly recommended to download and apply it
Important security fix for all 3.5.x versions
4 posts
• Page 1 of 1
Important security fix for all 3.5.x versions
by periklis » Sun Mar 14, 2010 9:22 am
Periklis Venakis
eFront- eLearning and Skill Development Solution for Companies and Educational Institutes
Consider our wide range of added-value services to get things running smoothly on your eLearning environment
eFront- eLearning and Skill Development Solution for Companies and Educational Institutes
Consider our wide range of added-value services to get things running smoothly on your eLearning environment
- periklis
- Posts: 4272
- Joined: Thu Oct 04, 2007 10:54 am
Re: Important security fix for all 3.5.x versions
by periklis » Sun Mar 14, 2010 12:41 pm
btw, the offending file is www/editor/tiny_mce/langs/language.php. This is not needed in 3.6.0 and has been removed. However, it may be left over in cases 3.5.5 sites where updated to 3.6. If you are running 3.6.0 and have this file, it's safe to delete it. Next efront update will automatically remove the file from the system.
Periklis Venakis
eFront- eLearning and Skill Development Solution for Companies and Educational Institutes
Consider our wide range of added-value services to get things running smoothly on your eLearning environment
eFront- eLearning and Skill Development Solution for Companies and Educational Institutes
Consider our wide range of added-value services to get things running smoothly on your eLearning environment
- periklis
- Posts: 4272
- Joined: Thu Oct 04, 2007 10:54 am
Re: Important security fix for all 3.5.x versions
by connect » Tue Mar 30, 2010 1:26 am
Hi Guys, is there a specific area we need to open this patch in?
- connect
- Posts: 181
- Joined: Wed Jul 30, 2008 1:11 am
Re: Important security fix for all 3.5.x versions
by periklis » Tue Mar 30, 2010 6:35 am
You just extract it inside your efront installation's main directory.
Periklis Venakis
eFront- eLearning and Skill Development Solution for Companies and Educational Institutes
Consider our wide range of added-value services to get things running smoothly on your eLearning environment
eFront- eLearning and Skill Development Solution for Companies and Educational Institutes
Consider our wide range of added-value services to get things running smoothly on your eLearning environment
- periklis
- Posts: 4272
- Joined: Thu Oct 04, 2007 10:54 am
4 posts
• Page 1 of 1
Return to News and Announcements
Who is online
Users browsing this forum: No registered users and 1 guest