[geeklog-announce] Geeklog 1.6.0sr2 and FCKeditor-related issues

Dirk Haun dirk at haun-online.de
Sun Aug 30 13:16:18 EDT 2009


An insecure configuration allowed unauthorized direct file uploads
through FCKeditor. While this did not pose a threat to the security of
a Geeklog site, it was apparently used to deposit malware on some
Geeklog sites.

Geeklog 1.6.0sr2 fixes this problem and is now available for download.
For details, please see

    http://www.geeklog.net/article.php/geeklog-1.6.0sr2


We have also received reports of hacked Geeklog sites where, apparently,
older vulnerabilities in FCKeditor have been exploited. We strongly
suggest checking that you're running the latest version of FCKeditor
(2.6.4.1). If you don't use it, you can simply remove the "fckeditor"
directory from your webspace. We are also providing a drop-in
replacement for older Geeklog versions:

    http://www.geeklog.net/filemgmt/index.php?id=971


-- 
http://www.geeklog.net/
http://geeklog.info/



