Important security fix for all 3.5.x versions


Postby periklis » Sun Mar 14, 2010 9:22 am

Greetings to the community,
An important security issue was recently brought to our attention by the Core Advisories Team, which will also issue a public warning next week.
Using a specially crafted URL, a malicious user can acquire web server privileges on systems running eFront. A patch is already available; all 3.5.x users are strongly recommended to download and apply it.
Periklis Venakis
eFront- eLearning and Skill Development Solution for Companies and Educational Institutes
Consider our wide range of added-value services to get things running smoothly on your eLearning environment
periklis
 
Posts: 4325
Joined: Thu Oct 04, 2007 10:54 am

Re: Important security fix for all 3.5.x versions

Postby periklis » Sun Mar 14, 2010 12:41 pm

btw, the offending file is www/editor/tiny_mce/langs/language.php. This is not needed in 3.6.0 and has been removed. However, it may be left over in cases where 3.5.5 sites were updated to 3.6. If you are running 3.6.0 and have this file, it's safe to delete it. The next eFront update will automatically remove the file from the system.
periklis
 
Posts: 4325
Joined: Thu Oct 04, 2007 10:54 am
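
A defender-side check for the leftover file named in the post above, as an added example that is not part of the original thread or of eFront. It assumes the posted path is relative to each installation's main directory; the function name `audit_efront` and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not eFront code): locate leftover copies of the file named in the thread.
# Assumption: the path in the post is relative to each installation's main directory.
REL_PATH="www/editor/tiny_mce/langs/language.php"

# audit_efront [--delete] DIR...
#   DIR may be one installation or a parent directory holding several.
#   Prints FOUND/REMOVED/FAILED per copy, CLEAN per DIR without one.
#   --delete is meant for 3.6.0 installs only, where the post says removal is safe.
#   Returns 1 while any copy remains on disk, 0 otherwise.
audit_efront() {
    delete=0
    if [ "$1" = "--delete" ]; then delete=1; shift; fi
    remaining=0
    for root in "$@"; do
        if [ ! -d "$root" ]; then
            echo "SKIPPED $root (not a directory)"
            continue
        fi
        # Match regular files and symlinks whose path ends in REL_PATH.
        hits=$(find "$root" \( -type f -o -type l \) -path "*/$REL_PATH" 2>/dev/null) || :
        if [ -z "$hits" ]; then
            echo "CLEAN $root"
            continue
        fi
        # Here-document keeps the loop in the current shell so $remaining survives.
        while IFS= read -r f; do
            if [ "$delete" -eq 1 ] && rm -f -- "$f"; then
                echo "REMOVED $f"
            elif [ "$delete" -eq 1 ]; then
                echo "FAILED $f"; remaining=1
            else
                echo "FOUND $f"; remaining=1
            fi
        done <<EOF
$hits
EOF
    done
    return "$remaining"
}

# Stand-alone use: sh audit.sh [--delete] /path/to/efront ...
if [ "$#" -gt 0 ]; then audit_efront "$@"; fi
```

Run it without `--delete` first to see which installations still carry the file; the non-zero exit status makes it usable from a cron job or configuration-management check.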

Re: Important security fix for all 3.5.x versions

Postby connect » Tue Mar 30, 2010 1:26 am

Hi Guys, is there a specific area we need to open this patch in?
connect
 
Posts: 206
Joined: Wed Jul 30, 2008 1:11 am

Re: Important security fix for all 3.5.x versions

Postby periklis » Tue Mar 30, 2010 6:35 am

You just extract it inside your efront installation's main directory.
periklis
 
Posts: 4325
Joined: Thu Oct 04, 2007 10:54 am

