[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-developers] phpGroupWare 0.9.16.011 Security and Bug Fix R
From: |
Dave Hall |
Subject: |
[Phpgroupware-developers] phpGroupWare 0.9.16.011 Security and Bug Fix Release is out |
Date: |
Thu, 31 Aug 2006 22:24:15 +1000 |
Hi all,
A security vulnerability has been discovered in phpGW < 0.9.16.011 We
were not given a heads up before it was published.
The exploit is in the holiday code in calendar. It can only be
exploited with register_globals = on and gpc_magic_quotes = off.
The advisory can be found at
http://www.frsirt.com/english/advisories/2006/3414
There is code which exploits the vulnerability in the wild - see
http://milw0rm.com/exploits/2270
All users are strongly encouraged to upgrade immediately.
You can grab the new version from -
http://sourceforge.net/project/showfiles.php?group_id=7305
Or update from cvs
$ cd /path/to/phpgroupware
$ cvs update -dP
In addition to the security issue above, this release fixes support for
MySQL4.1+ and pgsql 8. Support for php5 has been improved too, php5
should now work with zend.ze1_compatibility_mode on
When grabbing your update, check out the conference -
http://conference.phpgroupware.org :)
Cheers
Dave
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
+-------------------------------------+-------------------------------+
| e address@hidden | w phpgroupware.org |
| j address@hidden | aim skwashd |
| icq 278064022 | msn address@hidden |
| sip address@hidden | y! skwashd |
+-------------------------------------+-------------------------------+
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-developers] phpGroupWare 0.9.16.011 Security and Bug Fix Release is out,
Dave Hall <=