Two exploits have been released that are already being used
to attack
insecure Geeklog installations as well as using a bug in the
"mcpuk"
file manager (which we're shipping with FCKeditor) to
upload and execute
malicious code.
Please see the following two articles for more information
and how to
protect against these exploits:
<http://www.geeklog.net/article.php/so-called-exploit>
<http://www.geeklog.net/article.php/explo
it-for-fckeditor-filemanager>
We have also released Geeklog 1.4.0sr4, removing the file
manager from
the distribution and adding additional protection for
insecure installations:
<http://www.geeklog.net/article.php/geeklog-1.4.0sr4>
--
http://www.geeklog.net/
http://geeklog.info/
_______________________________________________
geeklog-announce mailing list
geeklog-announce lists.geeklog.net
http://lists.geeklog.net/mailman/listinfo/geeklog-anno
unce
|